fix: should now sync with other devices

.agents/skills/playwright-e2e/SKILL.md

@@ -195,7 +195,7 @@ export class LoginPage {
 | ------------------- | ------------------ | ----------------------- |
 | `/login`            | `LoginPage`        | `LoginComponent`        |
 | `/register`         | `RegisterPage`     | `RegisterComponent`     |
-| `/search`           | `ServerSearchPage` | `ServerSearchComponent` |
+| `/servers`          | `FindServersPage`  | `FindServersComponent`  |
 | `/room/:roomId`     | `ChatRoomPage`     | `ChatRoomComponent`     |
 | `/settings`         | `SettingsPage`     | `SettingsComponent`     |
 | `/invite/:inviteId` | `InvitePage`       | `InviteComponent`       |

agents-docs/LESSONS.md

@@ -25,6 +25,41 @@ Durable rules for AI agents working on this project. Read this file at session s
 
 ## Lessons
 
+### When renaming an Angular route, sweep every navigate/url-match/doc reference [routing]
+
+- **Trigger:** the find-servers route was renamed `/search` → `/servers` in `app.routes.ts`, but `servers-rail.component.ts` still called `router.navigate(['/search'])` (leave-server) and matched `startsWith('/search')` for the user-bar visibility signal, throwing `NG04002: 'search'` on leave and never showing the user-bar on the discovery page.
+- **Rule:** after changing a `path:` in `app.routes.ts`, grep the whole repo for the old literal (`/search`) across `*.ts`/`*.html` (router calls, `startsWith`/url-match signals) and docs (`docs-site`, `.agents/skills/playwright-e2e/SKILL.md` route tables, domain READMEs) and update them all in the same change.
+- **Why:** `router.navigate` to a non-existent path raises `NG04002` and aborts navigation, and stale `startsWith` matches silently break route-derived UI state — neither is caught by the build (string literals) and there was no `servers-rail` spec to catch it.
+- **Example:** fixed `isOnServers`/`router.navigate(['/servers'])` in `servers-rail.component.{ts,html}`; canonical post-leave/discovery route is `/servers` (`FindServersComponent`), matching `DashboardComponent`'s `router.navigate(['/servers'])`.
+
+### Server discovery (featured/trending) must fan out across all online endpoints like search [server-directory]
+
+- **Trigger:** the `/servers` (find-servers) page showed no servers by default but found them as soon as the user typed in the search box. Discovery (`getDiscoveryServers`) queried only the *active* endpoint via `getApiBaseUrl()`, and when that endpoint is a discovery-unsupported production host (`signal.toju.app` / `signal-sweden.toju.app` in `DISCOVERY_UNSUPPORTED_HOSTS`) it short-circuited to `[]`; search meanwhile fans out across every online endpoint, so typing surfaced the servers that lived on other endpoints (e.g. localhost).
+- **Rule:** make `getFeaturedServers`/`getTrendingServers` fan out across `getSearchableEndpoints()` with `forkJoin` + `deduplicateById` (mirroring all-endpoint search), and apply the `endpointSupportsServerDiscovery` gate *per endpoint* (skip → `[]`) instead of short-circuiting the whole request on the active endpoint.
+- **Why:** the empty-query find-servers view renders discovery sections, not search results, so any divergence between discovery's endpoint set and search's endpoint set makes the default view look broken while search works.
+- **Example:** `getDiscoveryServers` + `fetchDiscoveryFromEndpoint` in `server-directory-api.service.ts`; verified the live server returns 12 featured/12 trending while the active production host is gated out client-side.
+
+### Server registration needs `ownerPublicKey: oderId || id`, and must not be fire-and-forget [server-directory] [rooms]
+
+- **Trigger:** creating a server appeared to work (the creator landed in the room view) but the server didn't exist on the backend — invite-link creation and search both 404'd. `createRoom$` sent `ownerPublicKey: currentUser.oderId` with no fallback; on restored sessions `oderId` can be falsy (identify still works because it falls back to `id`), so `POST /api/servers` returned `400 Missing required fields`, and the `.subscribe()` swallowed the error while `createRoomSuccess` fired regardless.
+- **Rule:** resolve owner identity as `oderId || id` everywhere it's required (the server rejects an empty `ownerPublicKey`), and give `registerServer().subscribe()` an `error` handler so a failed registration is never silent.
+- **Why:** verified against the live server — authed POST with a truthy `ownerPublicKey` → 201; authed POST with an empty one → 400; the swallowed 400 is exactly what produces a "ghost" room the creator can enter but no one can find.
+- **Example:** `buildServerRegistrationPayload(room, currentUser, normalizedPassword)` in `toju-app/src/app/store/rooms/server-registration.rules.ts`, used by `RoomsEffects.createRoom$`.
+
+### Identify must fall back to the legacy session token, not only the new credential store [realtime] [authentication]
+
+- **Trigger:** the multi-signal-server auth refactor changed `resolveCredentialForSignalUrl` to read *only* `SignalServerCredentialStoreService`; sessions restored from disk (and logins where `user.homeSignalServerUrl` is unset) have an empty credential store, so `identify` was skipped on every signal server ("Skipping identify because no session token is available") and users appeared alone — no presence, no peers, sent messages visible only to themselves. E2E never caught it because every e2e flow does a *fresh* register/login that writes the credential store directly.
+- **Rule:** when resolving the identify credential for a signal URL, prefer the per-signal credential but fall back to the legacy `AuthTokenStoreService` token reconstructed with the current home user's `id`/`displayName`; never gate `identify` solely on the new credential store.
+- **Why:** `persistSessionToken` always writes the legacy `metoyou.authTokens` store on login, but the per-signal credential store is only populated on fresh login (with a `loginResponse`) or successful migration/provisioning — so on reload it can be empty while a valid session still exists.
+- **Example:** `resolveSignalIdentity(credential, legacyTokenEntry, homeUser)` in `signal-server-credential-resolution.rules.ts`, wired through `SignalServerAuthService.resolveCredentialForSignalUrl` (which now passes `this.authTokenStore.getTokenEntry(httpUrl)` and a `homeUser` carrying `id`). Test cross-user behavior via a *session-restore* path, not just fresh login.
+
+### Keep the per-signal-URL identify credential resolvable from the store [realtime] [authentication]
+
+- **Trigger:** after the multi-signal-server auth refactor, `SignalingManager.getLastIdentify` was switched to `getIdentifyCredentialsForSignalUrl`, which only read an in-memory cache populated *after* `identify()` ran; a freshly (re)connected socket then emitted `join_server` before any identify and users silently never appeared in the presence roster (almost all multi-user e2e tests timed out waiting for the peer's `room-user-card`).
+- **Rule:** `getIdentifyCredentialsForSignalUrl` must fall back to resolving the credential from the credential store so a new socket's `onopen` re-identifies before it re-joins; never restrict it to only the in-memory identify cache.
+- **Why:** the server drops `join_server`/`view_server` on any unauthenticated connection, so an identify-less join is lost with no error and recovery only happens on a later reconnect (often beyond the 20s test timeout).
+- **Example:** server log showed `join_server authed=false ... display=User` dropped, then `User identified: Alice` on a different connection but no `Alice joined server`; fixed in `signaling-transport-handler.ts` by resolving via `dependencies.resolveCredential(signalUrl)` when the cache is empty.
+
 ### Store clientInstanceId in sessionStorage not localStorage [realtime] [multi-device]
 
 - **Trigger:** same user logged in on two tabs, browsers, or synced profiles sees alternating "Disconnected from signaling server" and no cross-device chat/voice sync.

agents-docs/features/authentication.md

@@ -52,7 +52,7 @@ Require `Authorization: Bearer`:
 ```
 
 - `oderId` must match the token's user id when provided.
-- `clientInstanceId` is a stable per-install UUID generated by the product client (`metoyou.clientInstanceId` in `localStorage`). The signaling server uses it to distinguish multiple WebSocket connections for the same user and to route voice ownership.
+- `clientInstanceId` is a stable per-tab UUID generated by the product client (`metoyou.clientInstanceId` in `sessionStorage`). The signaling server uses it to distinguish multiple WebSocket connections for the same user and to route voice ownership.
 - Server responds with `auth_error` or `auth_required` when authentication fails.
 
 ## Multi-device sessions
@@ -62,11 +62,59 @@ Require `Authorization: Bearer`:
 - Voice/WebRTC is exclusive per user: only one `clientInstanceId` may own active voice at a time. Other connections show passive UI and can send `voice_client_takeover` to move voice to the local device.
 - Stale reconnect hygiene: when a client re-identifies with the same `(oderId, connectionScope, clientInstanceId)` tuple, the server closes the older socket for that tuple.
 
+### Account-owned state sync (`account_sync`)
+
+When the same account is logged in on multiple devices, account-owned data is kept in sync through the signaling server:
+
+| Data | Mechanism |
+|---|---|
+| Server chat messages | Existing `chat_message` relay (connection-scoped broadcast) |
+| Voice / typing | Existing `voice_state` / `user_typing` relays |
+| Saved servers (join/leave) | `account_sync` payload `saved-room-sync` / `saved-room-remove` |
+| Profile avatar + card text | `account_sync` `user-avatar-full` + `user-avatar-chunk` |
+| Custom emoji library | `account_sync` `custom-emoji-full` + `custom-emoji-chunk` |
+| Friends list | `account_sync` `friend-added` / `friend-removed` |
+| Server icons, edits, reactions | `account_sync` relay of existing P2P broadcast event types |
+
+Client rules:
+
+- `broadcastMessage()` still fans out over peer data channels; relayable events are **also** wrapped in `account_sync` and sent on the WebSocket.
+- The server forwards `account_sync` to every other open connection for the same `oderId` via `notifyOtherConnectionsForOderId`.
+- Receivers ignore payloads whose `clientInstanceId` matches the local tab id.
+- When a new device identifies, the server notifies existing connections with `account_sync_peer_online`; those devices push a full snapshot (saved rooms, friends, profile, emoji library).
+
+WebSocket envelope:
+
+```json
+{
+  "type": "account_sync",
+  "clientInstanceId": "<per-tab-uuid>",
+  "payload": { "type": "saved-room-sync", "room": { "...": "..." } }
+}
+```
+
+Server response to other connections includes `fromUserId` set to the sender's `oderId`.
+
 ## Client storage
 
 The product client stores tokens per signaling-server base URL in `localStorage` (`metoyou.authTokens`). An HTTP interceptor attaches the bearer token to `/api/*` requests targeting that server.
 
-Persisted local user state (`metoyou_currentUserId` + IndexedDB/SQLite profile) is **not** sufficient to use chat or presence. On startup, `loadCurrentUser$` requires a non-expired session token for the user's home/active signaling server (or any stored token as a fallback). Missing or rejected tokens dispatch `SESSION_EXPIRED` and redirect to `/login`. WebSocket `auth_required` / `auth_error` responses trigger the same path.
+Per-server credentials (`metoyou.signalServerCredentials`) map each normalized signal-server URL to the authenticated user id, username, display name, session token, expiry, and whether the account was auto-provisioned. The home user profile in SQLite/NgRx remains the device-local identity (`homeSignalServerUrl`); foreign-server credentials are a side map used for REST and WebSocket identify on that URL.
+
+A per-install **provision secret** enables silent account creation on newly added or encountered signal servers. It is generated on home register/login, stored in Electron `safeStorage` when available (sessionStorage fallback on web), and never persisted as the user's visible login password.
+
+### Multi-signal-server auth flows
+
+| Flow | Action | Effect |
+|---|---|---|
+| Home login/register | `authenticateUser` | Resets local state, stores home credential + provision secret |
+| Foreign login/register | `authorizeSignalServer` | Upserts credential for that URL only; home session unchanged |
+| Auto-provision | `SignalServerProvisionerService` | Registers or logs in on foreign server using provision secret; on username collision tries suffixed username (`alice-<homeUserIdPrefix>`) |
+| Foreign auth failure | `signalServerAuthFailed` | Clears that URL's credential and re-provisions when home token is still valid; global logout only when home server rejects auth |
+
+Authorize UI: `/login?mode=authorize&serverId=…&returnUrl=…` (also supported on `/register`). Settings → Network shows per-endpoint `Authorized` / `Needs sign-in` badges.
+
+Persisted local user state (`metoyou_currentUserId` + IndexedDB/SQLite profile) is **not** sufficient to use chat or presence. On startup, `loadCurrentUser$` requires a non-expired session token for the user's home signaling server (or any stored token as a fallback). Missing or rejected **home** tokens dispatch `SESSION_EXPIRED` and redirect to `/login`. Foreign-server `auth_required` / `auth_error` responses clear only that server's credential and attempt re-provision.
 
 ## Security considerations
 

docs-site/docs/developer/dom-structure.md

@@ -10,14 +10,20 @@ This page maps the app routes and important DOM areas. It is useful for plugin a
 
 | Route                        | Component                 | Purpose                                                               |
 | ---------------------------- | ------------------------- | --------------------------------------------------------------------- |
-| `/`                          | Redirect                  | Redirects to `/search`.                                               |
+| `/`                          | Redirect                  | Redirects to `/dashboard`.                                            |
 | `/login`                     | `LoginComponent`          | User login.                                                           |
 | `/register`                  | `RegisterComponent`       | User registration.                                                    |
 | `/invite/:inviteId`          | `InviteComponent`         | Resolve and accept invite links.                                      |
-| `/search`                    | `ServerSearchComponent`   | Search and join servers.                                              |
+| `/dashboard`                 | `DashboardComponent`      | Landing dashboard after sign-in.                                      |
+| `/people`                    | `FindPeopleComponent`     | Discover and start direct messages with people.                       |
+| `/servers`                   | `FindServersComponent`    | Search, discover, and join servers.                                   |
+| `/create-server`             | `CreateServerComponent`   | Create a new server.                                                  |
 | `/room/:roomId`              | `ChatRoomComponent`       | Main server page with text, voice, members, and plugin panels.        |
 | `/dm`                        | `DmWorkspaceComponent`    | Direct-message workspace.                                             |
 | `/dm/:conversationId`        | `DmWorkspaceComponent`    | A selected direct-message conversation.                               |
+| `/pm`                        | `DmWorkspaceComponent`    | Private-message workspace (alias of the DM workspace).                |
+| `/pm/:conversationId`        | `DmWorkspaceComponent`    | A selected private-message conversation.                              |
+| `/call/:callId`              | `PrivateCallComponent`    | Active private (1:1) call.                                            |
 | `/settings`                  | `SettingsComponent`       | App, voice, server, plugin, desktop, theme, local API settings.       |
 | `/plugin-store`              | `PluginStoreComponent`    | Browse plugin sources and install/update plugins.                     |
 | `/plugins/:pluginId/:pageId` | `PluginPageHostComponent` | Host for plugin app pages registered with `api.ui.registerAppPage()`. |

docs-site/docs/developer/llm-plugin-builder-guide.md

@@ -124,7 +124,7 @@ Important routes:
 
 | Route                           | Purpose                                                             |
 | ------------------------------- | ------------------------------------------------------------------- |
-| `/search`                       | Search and join servers.                                            |
+| `/servers`                      | Search, discover, and join servers.                                 |
 | `/room/:roomId`                 | Main server workspace with text, voice, members, and plugin panels. |
 | `/dm` and `/dm/:conversationId` | Direct-message workspace.                                           |
 | `/settings`                     | App, voice, server, plugin, desktop, theme, and local API settings. |

e2e/helpers/app-menu.ts

@@ -0,0 +1,20 @@
+import { expect, type Page } from '@playwright/test';
+
+export async function openTitleBarMenu(page: Page): Promise<void> {
+  const menuButton = page.getByRole('button', { name: 'Menu' });
+
+  await expect(menuButton).toBeVisible({ timeout: 15_000 });
+  await menuButton.click();
+  await expect(page.locator('app-title-bar .absolute.right-0.top-full').first()).toBeVisible({ timeout: 10_000 });
+}
+
+export async function openPluginStore(page: Page): Promise<void> {
+  await openTitleBarMenu(page);
+  await page.getByRole('button', { name: 'Plugin Store' }).click();
+  await expect(page).toHaveURL(/\/plugin-store/, { timeout: 20_000 });
+}
+
+export async function openSettingsFromMenu(page: Page): Promise<void> {
+  await openTitleBarMenu(page);
+  await page.getByRole('button', { name: 'Settings' }).click();
+}

e2e/helpers/auth-api.ts

@@ -1,6 +1,7 @@
 import { type APIRequestContext, type Page } from '@playwright/test';
 
 export const AUTH_TOKENS_STORAGE_KEY = 'metoyou.authTokens';
+export const SIGNAL_SERVER_CREDENTIALS_STORAGE_KEY = 'metoyou.signalServerCredentials';
 
 export interface AuthSession {
   id: string;
@@ -56,6 +57,36 @@ export async function loginTestUser(
   return await response.json() as AuthSession;
 }
 
+export async function readSignalServerCredentialFromPage(
+  page: Page,
+  serverUrl: string
+): Promise<{ userId: string; token: string; username: string } | null> {
+  return await page.evaluate(({ storageKey, url }) => {
+    try {
+      const store = JSON.parse(localStorage.getItem(storageKey) || '{}') as Record<string, {
+        userId: string;
+        token: string;
+        username: string;
+        expiresAt: number;
+      }>;
+      const normalizedUrl = url.trim().replace(/\/+$/, '');
+      const entry = store[normalizedUrl];
+
+      if (!entry || entry.expiresAt <= Date.now()) {
+        return null;
+      }
+
+      return {
+        userId: entry.userId,
+        token: entry.token,
+        username: entry.username
+      };
+    } catch {
+      return null;
+    }
+  }, { storageKey: SIGNAL_SERVER_CREDENTIALS_STORAGE_KEY, url: serverUrl });
+}
+
 export async function readAuthTokenFromPage(page: Page, serverUrl: string): Promise<string | null> {
   return await page.evaluate(({ storageKey, url }) => {
     try {

e2e/helpers/dashboard.ts

@@ -0,0 +1,11 @@
+import { expect, type Page } from '@playwright/test';
+
+/** Dashboard omnibox (desktop placeholder copy changed with i18n refresh). */
+export function dashboardSearchInput(page: Page) {
+  return page.getByRole('textbox', { name: 'Search people, servers, and invites' });
+}
+
+export async function expectDashboardReady(page: Page, timeout = 30_000): Promise<void> {
+  await expect(page).toHaveURL(/\/dashboard/, { timeout });
+  await expect(dashboardSearchInput(page)).toBeVisible({ timeout });
+}

e2e/helpers/multi-device-session.ts

@@ -41,7 +41,6 @@ export async function createMultiDeviceScenario(
     password: MULTI_DEVICE_PASSWORD
   };
   const serverName = `Multi Device Server ${suffix}`;
-
   const clientA = await createClient();
   const clientB = await createClient();
 
@@ -59,6 +58,7 @@ export async function createMultiDeviceScenario(
   await searchA.createServer(serverName, {
     description: options.serverDescription ?? 'Multi-device session coverage'
   });
+
   await expect(clientA.page).toHaveURL(/\/room\//, { timeout: 15_000 });
   await waitForCurrentRoomName(clientA.page, serverName);
 
@@ -115,7 +115,8 @@ export async function expectCrossDeviceMessage(
   await sender.sendMessage(message);
 
   await expect.poll(async () => {
-    return await receiver.getMessageItemByText(message).isVisible().catch(() => false);
+    return await receiver.getMessageItemByText(message).isVisible()
+      .catch(() => false);
   }, { timeout }).toBe(true);
 }
 
@@ -150,7 +151,15 @@ async function waitForCurrentRoomName(page: Page, roomName: string, timeout = 20
 }
 
 export async function readClientInstanceId(page: Page): Promise<string | null> {
-  return page.evaluate(() => localStorage.getItem('metoyou.clientInstanceId'));
+  return page.evaluate(() => {
+    const sessionId = sessionStorage.getItem('metoyou.clientInstanceId')?.trim();
+
+    if (sessionId) {
+      return sessionId;
+    }
+
+    return localStorage.getItem('metoyou.clientInstanceId')?.trim() ?? null;
+  });
 }
 
 export async function logoutFromMenu(page: Page): Promise<void> {
@@ -191,9 +200,14 @@ export async function expectPassiveVoiceOnDevice(
       .getByText('In voice on another device', { exact: false })
       .isVisible()
       .catch(() => false);
-    const joinBadge = await passiveVoiceChannelJoinBadge(page, channelName).isVisible().catch(() => false);
+    const joinBadge = await passiveVoiceChannelJoinBadge(page, channelName).isVisible()
+      .catch(() => false);
     const grayedVoiceUser = displayName
-      ? await channelsSidePanel(page).locator('.opacity-50').filter({ hasText: displayName }).first().isVisible().catch(() => false)
+      ? await channelsSidePanel(page).locator('.opacity-50')
+        .filter({ hasText: displayName })
+        .first()
+        .isVisible()
+        .catch(() => false)
       : false;
 
     return membersLabel || joinBadge || grayedVoiceUser;

e2e/helpers/plugin-store.ts

@@ -0,0 +1,19 @@
+import { expect, type Page } from '@playwright/test';
+
+export const E2E_PLUGIN_SOURCE_URL = 'http://localhost:4200/plugins/e2e-plugin-source.json';
+export const E2E_PLUGIN_TITLE = 'E2E All API Plugin';
+
+export async function addPluginSource(page: Page, sourceUrl = E2E_PLUGIN_SOURCE_URL): Promise<void> {
+  const sourceInput = page.getByLabel('Plugin source manifest URL');
+
+  await expect(sourceInput).toBeVisible({ timeout: 15_000 });
+  await sourceInput.click();
+  await sourceInput.fill(sourceUrl);
+  await expect(sourceInput).toHaveValue(sourceUrl, { timeout: 5_000 });
+
+  const addSourceButton = page.getByRole('button', { name: 'Add Source' });
+
+  await expect(addSourceButton).toBeEnabled({ timeout: 10_000 });
+  await addSourceButton.click();
+  await expect(page.getByRole('heading', { name: E2E_PLUGIN_TITLE })).toBeVisible({ timeout: 20_000 });
+}

e2e/helpers/webrtc-helpers.ts

@@ -1,15 +1,19 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
-import { type Page } from '@playwright/test';
+import { type BrowserContext, type Page } from '@playwright/test';
 
 /**
  * Install RTCPeerConnection monkey-patch on a page BEFORE navigating.
  * Tracks all created peer connections and their remote tracks so tests
  * can inspect WebRTC state via `page.evaluate()`.
  *
- * Call immediately after page creation, before any `goto()`.
+ * Call on the browser context (preferred) or page before any `goto()`.
  */
-export async function installWebRTCTracking(page: Page): Promise<void> {
-  await page.addInitScript(() => {
+export async function installWebRTCTracking(target: BrowserContext | Page): Promise<void> {
+  const addInitScript = 'addInitScript' in target && typeof target.addInitScript === 'function'
+    ? target.addInitScript.bind(target)
+    : (target as Page).addInitScript.bind(target);
+
+  await addInitScript(() => {
     const connections: RTCPeerConnection[] = [];
     const dataChannels: RTCDataChannel[] = [];
     const syntheticMediaResources: {
@@ -197,6 +201,7 @@ export async function waitForPeerConnected(page: Page, timeout = 30_000): Promis
     () => (window as any).__rtcConnections?.some(
       (pc: RTCPeerConnection) => pc.connectionState === 'connected'
     ) ?? false,
+    undefined,
     { timeout }
   );
 }
@@ -611,6 +616,7 @@ export async function waitForAudioStatsPresent(page: Page, timeout = 15_000): Pr
 
       return false;
     },
+    undefined,
     { timeout }
   );
 }
@@ -818,6 +824,7 @@ export async function waitForVideoStatsPresent(page: Page, timeout = 15_000): Pr
 
       return false;
     },
+    undefined,
     { timeout }
   );
 }

e2e/tests/auth/multi-device-session.spec.ts

@@ -1,7 +1,4 @@
-import {
-  test,
-  expect
-} from '../../fixtures/multi-client';
+import { test, expect } from '../../fixtures/multi-client';
 import {
   MULTI_DEVICE_VOICE_CHANNEL,
   channelsSidePanel,
@@ -57,13 +54,17 @@ test.describe('Multi-device session', () => {
       await expectPassiveVoiceOnDevice(scenario.clientB.page, {
         displayName: scenario.credentials.displayName
       });
+
       await expect(
         membersSidePanel(scenario.clientB.page).getByText('In voice on another device', { exact: false })
       ).toBeVisible({ timeout: 20_000 });
+
       await expect(
-        channelsSidePanel(scenario.clientB.page).locator('.opacity-50').filter({
-          hasText: scenario.credentials.displayName
-        }).first()
+        channelsSidePanel(scenario.clientB.page).locator('.opacity-50')
+          .filter({
+            hasText: scenario.credentials.displayName
+          })
+          .first()
       ).toBeVisible({ timeout: 20_000 });
     });
 

e2e/tests/auth/multi-signal-server-auth.spec.ts

@@ -0,0 +1,111 @@
+import { expect } from '@playwright/test';
+import { test } from '../../fixtures/multi-client';
+import { openSettingsFromMenu } from '../../helpers/app-menu';
+import { expectDashboardReady } from '../../helpers/dashboard';
+import { installTestServerEndpoints } from '../../helpers/seed-test-endpoint';
+import { startTestServer } from '../../helpers/test-server';
+import {
+  readAuthTokenFromPage,
+  readSignalServerCredentialFromPage,
+  registerTestUser
+} from '../../helpers/auth-api';
+import { RegisterPage } from '../../pages/register.page';
+
+const PRIMARY_ENDPOINT_ID = 'e2e-multi-auth-primary';
+const USER_PASSWORD = 'TestPass123!';
+
+test.describe('Multi-signal-server authentication', () => {
+  test.describe.configure({ timeout: 180_000 });
+
+  test('auto-provisions a foreign signal server when a new endpoint is added', async ({ createClient, request }) => {
+    const primaryServer = await startTestServer();
+    const secondaryServer = await startTestServer();
+
+    try {
+      const client = await createClient();
+      const suffix = `multi_auth_${Date.now()}`;
+      const username = `user_${suffix}`;
+
+      await installTestServerEndpoints(client.context, [
+        {
+          id: PRIMARY_ENDPOINT_ID,
+          name: 'E2E Primary Signal',
+          url: primaryServer.url,
+          isActive: true,
+          status: 'online'
+        }
+      ]);
+
+      await test.step('Register on the home signal server', async () => {
+        const register = new RegisterPage(client.page);
+
+        await register.goto();
+        await register.register(username, 'Multi Auth User', USER_PASSWORD);
+        await expectDashboardReady(client.page);
+      });
+
+      await test.step('Add a second signal server in network settings', async () => {
+        await openSettingsFromMenu(client.page);
+        await client.page.getByRole('button', { name: 'Network' }).click();
+
+        await client.page.getByPlaceholder('Server name').fill('E2E Secondary Signal');
+        await client.page.getByPlaceholder('Server URL (e.g., http://localhost:3001)').fill(secondaryServer.url);
+        await client.page.getByTestId('add-signal-server-button').click();
+
+        await expect(client.page.getByText(secondaryServer.url)).toBeVisible({ timeout: 15_000 });
+      });
+
+      await test.step('Wait for auto-provisioned credentials on the secondary server', async () => {
+        await expect.poll(async () =>
+          await readSignalServerCredentialFromPage(client.page, secondaryServer.url),
+        { timeout: 30_000 }
+        ).not.toBeNull();
+
+        const homeToken = await readAuthTokenFromPage(client.page, primaryServer.url);
+        const secondaryCredential = await readSignalServerCredentialFromPage(client.page, secondaryServer.url);
+
+        expect(homeToken).toBeTruthy();
+        expect(secondaryCredential?.username).toBe(username);
+        expect(secondaryCredential?.token).toBeTruthy();
+      });
+
+      await test.step('Secondary credential can call authenticated APIs', async () => {
+        const secondaryCredential = await readSignalServerCredentialFromPage(client.page, secondaryServer.url);
+
+        if (!secondaryCredential) {
+          throw new Error('Expected secondary signal-server credential to be provisioned');
+        }
+
+        const response = await request.post(`${secondaryServer.url}/api/servers`, {
+          headers: {
+            Authorization: `Bearer ${secondaryCredential.token}`,
+            'Content-Type': 'application/json'
+          },
+          data: {
+            name: `Secondary Provisioned Server ${suffix}`,
+            description: 'Created with auto-provisioned credentials',
+            ownerId: secondaryCredential.userId,
+            ownerPublicKey: 'e2e-secondary-owner-key'
+          }
+        });
+
+        expect(response.ok(), `POST /api/servers failed: ${response.status()} ${await response.text()}`).toBe(true);
+      });
+
+      await test.step('Home registration still works independently on the secondary server', async () => {
+        const otherUser = await registerTestUser(
+          request,
+          secondaryServer.url,
+          `other_${suffix}`,
+          USER_PASSWORD,
+          'Other User'
+        );
+
+        expect(otherUser.username).toBe(`other_${suffix}`);
+      });
+    } finally {
+      await primaryServer.stop();
+      await secondaryServer.stop();
+    }
+  });
+});

e2e/tests/chat/notifications.spec.ts

@@ -1,5 +1,6 @@
 import {
   expect,
+  type BrowserContext,
   type Locator,
   type Page
 } from '@playwright/test';
@@ -35,6 +36,7 @@ test.describe('Chat notifications', () => {
       await clearDesktopNotifications(scenario.alice.page);
       await scenario.bobRoom.joinTextChannel(scenario.channelName);
       await scenario.bobMessages.sendMessage(message);
+      await expectUnreadCounts(scenario.alice.page, scenario.serverName, scenario.channelName);
     });
 
     await test.step('Alice receives a desktop notification with the channel preview', async () => {
@@ -67,8 +69,7 @@ test.describe('Chat notifications', () => {
     });
 
     await test.step('Alice still sees unread badges for the room and channel', async () => {
-      await expect(getUnreadBadge(getSavedRoomButton(scenario.alice.page, scenario.serverName))).toHaveText('1', { timeout: 20_000 });
-      await expect(getUnreadBadge(getTextChannelButton(scenario.alice.page, scenario.channelName))).toHaveText('1', { timeout: 20_000 });
+      await expectUnreadCounts(scenario.alice.page, scenario.serverName, scenario.channelName);
     });
 
     await test.step('Alice does not get a muted desktop popup', async () => {
@@ -96,7 +97,7 @@ async function createNotificationScenario(createClient: () => Promise<Client>):
   const alice = await createClient();
   const bob = await createClient();
 
-  await installDesktopNotificationSpy(alice.page);
+  await installDesktopNotificationSpy(alice.context);
 
   await registerUser(alice.page, aliceCredentials.username, aliceCredentials.displayName, aliceCredentials.password);
   await registerUser(bob.page, bobCredentials.username, bobCredentials.displayName, bobCredentials.password);
@@ -143,8 +144,8 @@ async function registerUser(page: Page, username: string, displayName: string, p
   await expect(page).toHaveURL(/\/dashboard/, { timeout: 15_000 });
 }
 
-async function installDesktopNotificationSpy(page: Page): Promise<void> {
-  await page.addInitScript(() => {
+async function installDesktopNotificationSpy(context: BrowserContext): Promise<void> {
+  await context.addInitScript(() => {
     const notifications: DesktopNotificationRecord[] = [];
 
     class MockNotification {
@@ -250,6 +251,11 @@ function getUnreadBadge(container: Locator): Locator {
   return container.locator('span.rounded-full').first();
 }
 
+async function expectUnreadCounts(page: Page, serverName: string, channelName: string): Promise<void> {
+  await expect(getUnreadBadge(getSavedRoomButton(page, serverName))).toHaveText('1', { timeout: 45_000 });
+  await expect(getUnreadBadge(getTextChannelButton(page, channelName))).toHaveText('1', { timeout: 45_000 });
+}
+
 function uniqueName(prefix: string): string {
   return `${prefix}-${Date.now()}-${Math.random().toString(36)
     .slice(2, 8)}`;

e2e/tests/chat/profile-avatar-sync.spec.ts

@@ -367,11 +367,10 @@ async function launchPersistentSession(
   });
 
   await installTestServerEndpoint(context, testServerPort);
+  await installWebRTCTracking(context);
 
   const page = context.pages()[0] ?? await context.newPage();
 
-  await installWebRTCTracking(page);
-
   return { context, page };
 }
 

e2e/tests/chat/server-icon-sync.spec.ts

@@ -196,11 +196,10 @@ async function launchPersistentSession(userDataDir: string, testServerPort: numb
   });
 
   await installTestServerEndpoint(context, testServerPort);
+  await installWebRTCTracking(context);
 
   const page = context.pages()[0] ?? (await context.newPage());
 
-  await installWebRTCTracking(page);
-
   return { context, page };
 }
 

e2e/tests/plugins/plugin-api-two-users.spec.ts

@@ -4,13 +4,20 @@ import {
   test,
   type Client
 } from '../../fixtures/multi-client';
+import { openPluginStore } from '../../helpers/app-menu';
+import {
+  addPluginSource,
+  E2E_PLUGIN_SOURCE_URL,
+  E2E_PLUGIN_TITLE
+} from '../../helpers/plugin-store';
+import { installWebRTCTracking } from '../../helpers/webrtc-helpers';
 import { ChatMessagesPage } from '../../pages/chat-messages.page';
 import { ChatRoomPage } from '../../pages/chat-room.page';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
 
-const PLUGIN_SOURCE_URL = 'http://localhost:4200/plugins/e2e-plugin-source.json';
-const PLUGIN_TITLE = 'E2E All API Plugin';
+const PLUGIN_SOURCE_URL = E2E_PLUGIN_SOURCE_URL;
+const PLUGIN_TITLE = E2E_PLUGIN_TITLE;
 const EDITED_MESSAGE = 'Plugin API edited message';
 const ORIGINAL_MESSAGE = 'Plugin API original message';
 const DELETED_MESSAGE = 'Plugin API deleted message';
@@ -87,6 +94,9 @@ async function createPluginApiScenario(createClient: () => Promise<Client>): Pro
   const alice = await createClient();
   const bob = await createClient();
 
+  await installWebRTCTracking(alice.page);
+  await installWebRTCTracking(bob.page);
+
   await registerUser(alice.page, `alice_${suffix}`, 'Alice');
   await registerUser(bob.page, `bob_${suffix}`, 'Bob');
 
@@ -98,13 +108,10 @@ async function createPluginApiScenario(createClient: () => Promise<Client>): Pro
   const aliceRoom = new ChatRoomPage(alice.page);
 
   await aliceRoom.ensureVoiceChannelExists(VOICE_CHANNEL);
-  await installGrantAndActivatePlugin(alice.page, true);
-  await closeSettingsModal(alice.page);
-  await expect(soundboardComposerButton(alice.page)).toBeVisible({ timeout: 20_000 });
 
   const bobSearch = new ServerSearchPage(bob.page);
 
-  await bobSearch.joinServerFromSearch(serverName, { acceptPluginDownloads: true });
+  await bobSearch.joinServerFromSearch(serverName);
   await expect(bob.page).toHaveURL(/\/room\//, { timeout: 30_000 });
 
   const bobRoom = new ChatRoomPage(bob.page);
@@ -113,6 +120,9 @@ async function createPluginApiScenario(createClient: () => Promise<Client>): Pro
   await bobRoom.joinVoiceChannel(VOICE_CHANNEL);
   await expect(aliceRoom.voiceControls).toBeVisible({ timeout: 30_000 });
   await expect(bobRoom.voiceControls).toBeVisible({ timeout: 30_000 });
+  await installGrantAndActivatePlugin(alice.page, true);
+  await closeSettingsModal(alice.page);
+  await expect(soundboardComposerButton(alice.page)).toBeVisible({ timeout: 20_000 });
 
   const aliceMessages = new ChatMessagesPage(alice.page);
   const bobMessages = new ChatMessagesPage(bob.page);
@@ -141,14 +151,11 @@ async function registerUser(page: Page, username: string, displayName: string):
 }
 
 async function installGrantAndActivatePlugin(page: Page, installFromStore: boolean): Promise<void> {
-  await page.getByRole('button', { name: 'Plugin Store' }).click();
-  await expect(page).toHaveURL(/\/plugin-store/, { timeout: 20_000 });
+  await openPluginStore(page);
   await expect(page.getByTestId('plugin-store-page')).toBeVisible({ timeout: 20_000 });
 
   if (installFromStore) {
-    await page.getByLabel('Plugin source manifest URL').fill(PLUGIN_SOURCE_URL);
-    await page.getByRole('button', { name: 'Add Source' }).click();
-    await expect(page.getByRole('heading', { name: PLUGIN_TITLE })).toBeVisible({ timeout: 20_000 });
+    await addPluginSource(page, PLUGIN_SOURCE_URL);
     await page.locator('article', { hasText: PLUGIN_TITLE }).getByRole('button', { exact: true, name: /^(Install|Install to Server)$/ })
       .click();
 

e2e/tests/plugins/plugin-manager-ui.spec.ts

@@ -1,4 +1,7 @@
 import { expect, test } from '../../fixtures/multi-client';
+import { openPluginStore } from '../../helpers/app-menu';
+import { expectDashboardReady } from '../../helpers/dashboard';
+import { addPluginSource } from '../../helpers/plugin-store';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
 
@@ -15,7 +18,7 @@ test.describe('Plugin manager UI', () => {
     await test.step('Register user and create server context', async () => {
       await register.goto();
       await register.register(`plugin_${suffix}`, 'Plugin Tester', 'TestPass123!');
-      await expect(page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(page);
       await search.createServer(`Plugin API Server ${suffix}`, {
         description: 'Plugin manager UI E2E coverage'
       });
@@ -23,16 +26,13 @@ test.describe('Plugin manager UI', () => {
       await expect(page).toHaveURL(/\/room\//, { timeout: 30_000 });
     });
 
-    await test.step('Open visible Plugin Store button', async () => {
-      await page.getByRole('button', { name: 'Plugin Store' }).click();
-      await expect(page).toHaveURL(/\/plugin-store/, { timeout: 10_000 });
+    await test.step('Open Plugin Store from the title-bar menu', async () => {
+      await openPluginStore(page);
       await expect(page.getByTestId('plugin-store-page')).toBeVisible({ timeout: 10_000 });
     });
 
     await test.step('Install fixture plugin from source manifest', async () => {
-      await page.getByLabel('Plugin source manifest URL').fill('http://localhost:4200/plugins/e2e-plugin-source.json');
-      await page.getByRole('button', { name: 'Add Source' }).click();
-      await expect(page.getByRole('heading', { name: 'E2E All API Plugin' })).toBeVisible({ timeout: 15_000 });
+      await addPluginSource(page);
       const pluginCard = page.locator('article', { hasText: 'E2E All API Plugin' });
 
       await pluginCard.getByRole('button', { name: 'Readme' }).click();

e2e/tests/settings/connectivity-warning.spec.ts

@@ -1,4 +1,5 @@
 import { test, expect } from '../../fixtures/multi-client';
+import { expectDashboardReady } from '../../helpers/dashboard';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
 import { ChatRoomPage } from '../../pages/chat-room.page';
@@ -88,7 +89,7 @@ test.describe('Connectivity warning', () => {
 
       await register.goto();
       await register.register(`alice_${suffix}`, 'Alice', 'TestPass123!');
-      await expect(alice.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(alice.page);
     });
 
     await test.step('Register Bob', async () => {
@@ -96,7 +97,7 @@ test.describe('Connectivity warning', () => {
 
       await register.goto();
       await register.register(`bob_${suffix}`, 'Bob', 'TestPass123!');
-      await expect(bob.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(bob.page);
     });
 
     await test.step('Register Charlie', async () => {
@@ -104,7 +105,7 @@ test.describe('Connectivity warning', () => {
 
       await register.goto();
       await register.register(`charlie_${suffix}`, 'Charlie', 'TestPass123!');
-      await expect(charlie.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(charlie.page);
     });
 
     // ── Create server and have everyone join ──

e2e/tests/settings/ice-server-settings.spec.ts

@@ -1,4 +1,6 @@
 import { test, expect } from '../../fixtures/multi-client';
+import { openSettingsFromMenu } from '../../helpers/app-menu';
+import { expectDashboardReady } from '../../helpers/dashboard';
 import { RegisterPage } from '../../pages/register.page';
 
 test.describe('ICE server settings', () => {
@@ -9,8 +11,8 @@ test.describe('ICE server settings', () => {
 
     await register.goto();
     await register.register(`user_${suffix}`, 'IceTestUser', 'TestPass123!');
-    await expect(page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
-    await page.getByTitle('Settings').click();
+    await expectDashboardReady(page);
+    await openSettingsFromMenu(page);
     await expect(page.getByRole('button', { name: 'Network' })).toBeVisible({ timeout: 10_000 });
     await page.getByRole('button', { name: 'Network' }).click();
     await expect(page.getByTestId('ice-server-settings')).toBeVisible({ timeout: 10_000 });
@@ -101,7 +103,7 @@ test.describe('ICE server settings', () => {
       await expect(page.getByText('stun:persist-test.example.com:3478')).toBeVisible({ timeout: 5_000 });
 
       await page.reload({ waitUntil: 'domcontentloaded' });
-      await page.getByTitle('Settings').click();
+      await openSettingsFromMenu(page);
       await expect(page.getByRole('button', { name: 'Network' })).toBeVisible({ timeout: 10_000 });
       await page.getByRole('button', { name: 'Network' }).click();
       await expect(page.getByText('stun:persist-test.example.com:3478')).toBeVisible({ timeout: 10_000 });

e2e/tests/settings/stun-turn-fallback.spec.ts

@@ -1,4 +1,5 @@
 import { test, expect } from '../../fixtures/multi-client';
+import { expectDashboardReady } from '../../helpers/dashboard';
 import { RegisterPage } from '../../pages/register.page';
 import { ServerSearchPage } from '../../pages/server-search.page';
 import { ChatRoomPage } from '../../pages/chat-room.page';
@@ -89,7 +90,7 @@ test.describe('STUN/TURN fallback behaviour', () => {
 
       await register.goto();
       await register.register(`alice_${suffix}`, 'Alice', 'TestPass123!');
-      await expect(alice.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(alice.page);
     });
 
     await test.step('Register Bob', async () => {
@@ -97,7 +98,7 @@ test.describe('STUN/TURN fallback behaviour', () => {
 
       await register.goto();
       await register.register(`bob_${suffix}`, 'Bob', 'TestPass123!');
-      await expect(bob.page.getByPlaceholder('Search people, servers, or paste an invite...')).toBeVisible({ timeout: 30_000 });
+      await expectDashboardReady(bob.page);
     });
 
     await test.step('Alice creates a server', async () => {

electron/api/provision-secret-store.ts

@@ -0,0 +1,60 @@
+import { safeStorage } from 'electron';
+import {
+  mkdir,
+  readFile,
+  writeFile
+} from 'fs/promises';
+import path from 'path';
+import { app } from 'electron';
+
+const STORAGE_DIR_NAME = 'provision-secrets';
+
+function getStorageDir(): string {
+  return path.join(app.getPath('userData'), STORAGE_DIR_NAME);
+}
+
+function getSecretFilePath(homeUserId: string): string {
+  return path.join(getStorageDir(), `${homeUserId}.bin`);
+}
+
+async function ensureStorageDir(): Promise<void> {
+  await mkdir(getStorageDir(), { recursive: true });
+}
+
+export async function storeProvisionSecret(homeUserId: string, secret: string): Promise<boolean> {
+  if (!homeUserId.trim() || !secret) {
+    return false;
+  }
+
+  await ensureStorageDir();
+
+  if (!safeStorage.isEncryptionAvailable()) {
+    await writeFile(getSecretFilePath(homeUserId), secret, 'utf8');
+    return true;
+  }
+
+  const encrypted = safeStorage.encryptString(secret);
+
+  await writeFile(getSecretFilePath(homeUserId), encrypted);
+
+  return true;
+}
+
+export async function getProvisionSecret(homeUserId: string): Promise<string | null> {
+  if (!homeUserId.trim()) {
+    return null;
+  }
+
+  try {
+    const filePath = getSecretFilePath(homeUserId);
+    const payload = await readFile(filePath);
+
+    if (!safeStorage.isEncryptionAvailable()) {
+      return payload.toString('utf8');
+    }
+
+    return safeStorage.decryptString(payload);
+  } catch {
+    return null;
+  }
+}

electron/ipc/system.ts

@@ -20,6 +20,7 @@ import {
   type DesktopSettings
 } from '../desktop-settings';
 import { applyLocalApiSettings, getLocalApiSnapshot } from '../api';
+import { getProvisionSecret, storeProvisionSecret } from '../api/provision-secret-store';
 import {
   activateLinuxScreenShareAudioRouting,
   deactivateLinuxScreenShareAudioRouting,
@@ -62,7 +63,11 @@ import { listRunningProcessNames } from '../process-list';
 import { detectActiveGame } from '../game-detection';
 import { collectAppMetricsSnapshot } from '../app-metrics';
 import { clearAllTokens } from '../api/auth-store';
-import { assertPathUnderUserData, grantPluginReadRoot, resolveReadablePath } from '../path-jail';
+import {
+  assertPathUnderUserData,
+  grantPluginReadRoot,
+  resolveReadablePath
+} from '../path-jail';
 
 const DEFAULT_MIME_TYPE = 'application/octet-stream';
 const MAX_ACTIVE_DESKTOP_NOTIFICATIONS = 20;
@@ -380,6 +385,14 @@ export function setupSystemHandlers(): void {
 
   ipcMain.handle('get-app-metrics', () => collectAppMetricsSnapshot());
 
+  ipcMain.handle('store-provision-secret', async (_event, homeUserId: string, secret: string) =>
+    await storeProvisionSecret(homeUserId, secret)
+  );
+
+  ipcMain.handle('get-provision-secret', async (_event, homeUserId: string) =>
+    await getProvisionSecret(homeUserId)
+  );
+
   ipcMain.handle('get-app-data-path', () => app.getPath('userData'));
   ipcMain.handle('open-current-data-folder', async () => await openCurrentDataFolder());
   ipcMain.handle('export-user-data', async () => await exportUserData());

electron/path-jail.spec.ts

@@ -37,8 +37,10 @@ describe('path-jail', () => {
 
   it('accepts cached plugin bundle paths under plugin-bundles', async () => {
     const bundleDir = path.join(tempRoot, 'plugin-bundles', 'example.plugin', '1.0.0');
+
     fs.mkdirSync(bundleDir, { recursive: true });
     const bundlePath = path.join(bundleDir, 'main.js');
+
     fs.writeFileSync(bundlePath, 'export default {}');
 
     await expect(assertPathUnderRoot(tempRoot, bundlePath)).resolves.toBe(bundlePath);
@@ -59,6 +61,7 @@ describe('path-jail', () => {
   it('allows user-granted plugin source roots outside app data', async () => {
     const externalRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'metoyou-plugin-source-'));
     const manifestPath = path.join(externalRoot, 'plugin-source.json');
+
     fs.writeFileSync(manifestPath, '{}');
 
     grantPluginReadRoot(externalRoot);

electron/preload.ts

@@ -346,6 +346,9 @@ export interface ElectronAPI {
 
   command: <T = unknown>(command: Command) => Promise<T>;
   query: <T = unknown>(query: Query) => Promise<T>;
+
+  storeProvisionSecret: (homeUserId: string, secret: string) => Promise<boolean>;
+  getProvisionSecret: (homeUserId: string) => Promise<string | null>;
 }
 
 const electronAPI: ElectronAPI = {
@@ -502,7 +505,10 @@ const electronAPI: ElectronAPI = {
   },
 
   command: (command) => ipcRenderer.invoke('cqrs:command', command),
-  query: (query) => ipcRenderer.invoke('cqrs:query', query)
+  query: (query) => ipcRenderer.invoke('cqrs:query', query),
+
+  storeProvisionSecret: (homeUserId, secret) => ipcRenderer.invoke('store-provision-secret', homeUserId, secret),
+  getProvisionSecret: (homeUserId) => ipcRenderer.invoke('get-provision-secret', homeUserId)
 };
 
 contextBridge.exposeInMainWorld('electronAPI', electronAPI);

server/src/app.ts

@@ -41,7 +41,7 @@ function buildCorsOptions() {
 export function createApp(): express.Express {
   const app = express();
 
-  // Trust loopback proxies only — avoids express-rate-limit ERR_ERL_PERMISSIVE_TRUST_PROXY.
+  // Trust loopback proxies only - avoids express-rate-limit ERR_ERL_PERMISSIVE_TRUST_PROXY.
   app.set('trust proxy', 'loopback');
   app.use(cors(buildCorsOptions()));
   app.use(express.json());

server/src/routes/user-registration.rules.spec.ts

@@ -0,0 +1,30 @@
+import {
+  describe,
+  it,
+  expect
+} from 'vitest';
+import { isDuplicateUsernameError } from './user-registration.rules';
+
+describe('user-registration.rules', () => {
+  it('detects sqlite unique constraint failures on username', () => {
+    expect(isDuplicateUsernameError({
+      message: 'UNIQUE constraint failed: users.username'
+    })).toBe(true);
+  });
+
+  it('detects typeorm query failed errors with username constraint text', () => {
+    expect(isDuplicateUsernameError({
+      name: 'QueryFailedError',
+      message: 'SQLITE_CONSTRAINT: UNIQUE constraint failed: users.username'
+    })).toBe(true);
+  });
+
+  it('ignores unrelated database errors', () => {
+    expect(isDuplicateUsernameError({
+      message: 'UNIQUE constraint failed: servers.id'
+    })).toBe(false);
+
+    expect(isDuplicateUsernameError(new Error('connection lost'))).toBe(false);
+    expect(isDuplicateUsernameError(null)).toBe(false);
+  });
+});

server/src/routes/user-registration.rules.ts

@@ -0,0 +1,11 @@
+export function isDuplicateUsernameError(error: unknown): boolean {
+  if (!error || typeof error !== 'object') {
+    return false;
+  }
+
+  const message = 'message' in error && typeof error.message === 'string'
+    ? error.message
+    : '';
+
+  return message.includes('UNIQUE constraint failed: users.username');
+}

server/src/routes/users.ts

@@ -10,6 +10,7 @@ import {
 import { hashPasswordForStorage, verifyPassword } from '../services/password-auth.service';
 import { issueSessionToken, revokeSessionToken } from '../services/session-auth.service';
 import { getAuthenticatedUserId, requireAuth } from '../middleware/require-auth';
+import { isDuplicateUsernameError } from './user-registration.rules';
 
 const router = Router();
 
@@ -46,7 +47,16 @@ router.post('/register', async (req, res) => {
     createdAt: Date.now()
   };
 
-  await registerUser(user);
+  try {
+    await registerUser(user);
+  } catch (error) {
+    if (isDuplicateUsernameError(error)) {
+      return res.status(409).json({ error: 'Username taken' });
+    }
+
+    throw error;
+  }
+
   const session = await issueSessionToken(user.id);
 
   res.status(201).json(buildAuthResponse(user, session.token, session.expiresAt));

server/src/websocket/broadcast.spec.ts

@@ -7,7 +7,11 @@ import {
 import { WebSocket } from 'ws';
 import { connectedUsers } from './state';
 import { ConnectedUser } from './types';
-import { broadcastToServer, findUserByOderId, findVoiceActiveConnection } from './broadcast';
+import {
+  broadcastToServer,
+  findUserByOderId,
+  findVoiceActiveConnection
+} from './broadcast';
 
 function createMockWs(): WebSocket & { sentMessages: string[] } {
   const sent: string[] = [];

server/src/websocket/handler-multi-client.spec.ts

@@ -134,12 +134,14 @@ describe('server websocket handler - multi-client sessions', () => {
       oderId: 'user-2',
       serverIds: new Set(['server-1'])
     });
+
     createConnectedUser('conn-passive', {
       authenticated: true,
       oderId: 'user-1',
       serverIds: new Set(['server-1']),
       clientInstanceId: 'device-passive'
     });
+
     const active = createConnectedUser('conn-active', {
       authenticated: true,
       oderId: 'user-1',
@@ -169,6 +171,7 @@ describe('server websocket handler - multi-client sessions', () => {
       serverIds: new Set(['server-1']),
       clientInstanceId: 'device-b'
     });
+
     const active = createConnectedUser('conn-active', {
       authenticated: true,
       oderId: 'user-1',
@@ -197,6 +200,7 @@ describe('server websocket handler - multi-client sessions', () => {
       connectionScope: 'ws://localhost:3001',
       clientInstanceId: 'device-a'
     });
+
     createConnectedUser('conn-new', {
       authenticated: false,
       connectionScope: 'ws://localhost:3001',
@@ -216,4 +220,50 @@ describe('server websocket handler - multi-client sessions', () => {
     expect((stale.ws as WebSocket & { closeCalled: boolean }).closeCalled).toBe(true);
     expect(connectedUsers.get('conn-new')?.authenticated).toBe(true);
   });
+
+  it('relays account_sync payloads to other connections for the same user', async () => {
+    createConnectedUser('conn-a1', {
+      authenticated: true,
+      oderId: 'user-1',
+      serverIds: new Set(['server-1']),
+      clientInstanceId: 'device-a'
+    });
+    const receiver = createConnectedUser('conn-a2', {
+      authenticated: true,
+      oderId: 'user-1',
+      serverIds: new Set(['server-1']),
+      clientInstanceId: 'device-b'
+    });
+
+    getSentMessages(receiver).length = 0;
+
+    await handleWebSocketMessage('conn-a1', {
+      type: 'account_sync',
+      clientInstanceId: 'device-a',
+      payload: {
+        type: 'friend-added',
+        userId: 'friend-1',
+        addedAt: 123
+      }
+    });
+
+    const messages = getSentMessages(receiver).map((raw) => JSON.parse(raw) as {
+      type: string;
+      payload?: { type: string; userId?: string };
+      clientInstanceId?: string;
+      fromUserId?: string;
+    });
+    const relay = messages.find((message) => message.type === 'account_sync');
+
+    expect(relay).toEqual({
+      type: 'account_sync',
+      clientInstanceId: 'device-a',
+      fromUserId: 'user-1',
+      payload: {
+        type: 'friend-added',
+        userId: 'friend-1',
+        addedAt: 123
+      }
+    });
+  });
 });

server/src/websocket/handler.ts

@@ -296,6 +296,11 @@ async function handleIdentify(user: ConnectedUser, message: WsMessage, connectio
   connectedUsers.set(connectionId, user);
   console.log(`User identified: ${user.displayName} (${user.oderId})`);
 
+  notifyOtherConnectionsForOderId(newOderId, {
+    type: 'account_sync_peer_online',
+    clientInstanceId: newClientInstanceId
+  }, connectionId);
+
   const voiceSnapshot = Array.from(connectedUsers.entries()).find(([otherConnectionId, otherUser]) =>
     otherConnectionId !== connectionId
     && otherUser.oderId === newOderId
@@ -541,6 +546,21 @@ function handleVoiceClientTakeover(user: ConnectedUser, message: WsMessage, conn
   }, connectionId);
 }
 
+function handleAccountSync(user: ConnectedUser, message: WsMessage, connectionId: string): void {
+  const payload = message['payload'];
+
+  if (!payload || typeof payload !== 'object' || typeof (payload as { type?: unknown }).type !== 'string') {
+    return;
+  }
+
+  notifyOtherConnectionsForOderId(user.oderId, {
+    type: 'account_sync',
+    clientInstanceId: normalizeClientInstanceId(message['clientInstanceId']) ?? user.clientInstanceId,
+    fromUserId: user.oderId,
+    payload
+  }, connectionId);
+}
+
 function handleTyping(user: ConnectedUser, message: WsMessage, connectionId: string): void {
   const typingSid = (message['serverId'] as string | undefined) ?? user.viewedServerId;
   const channelId = typeof message['channelId'] === 'string' && message['channelId'].trim() ? message['channelId'].trim() : 'general';
@@ -747,6 +767,10 @@ export async function handleWebSocketMessage(connectionId: string, message: WsMe
       handleVoiceClientTakeover(user, message, connectionId);
       break;
 
+    case 'account_sync':
+      handleAccountSync(user, message, connectionId);
+      break;
+
     case 'typing':
       handleTyping(user, message, connectionId);
       break;

toju-app/public/i18n/catalog/auth.json

@@ -29,6 +29,15 @@
       "prepareStateFailed": "Failed to prepare local user state.",
       "noCurrentUser": "No current user",
       "sessionExpired": "Your session expired. Please sign in again."
+    },
+    "authorize": {
+      "title": "Sign in to {{serverName}}",
+      "registerTitle": "Create account on {{serverName}}",
+      "description": "Your home account stays signed in. This only authorizes the selected signal server.",
+      "defaultServerName": "Signal Server"
+    },
+    "provision": {
+      "usernameCollision": "Username {{preferredUsername}} was taken on {{serverName}}. Created {{provisionedUsername}} instead."
     }
   }
 }

toju-app/public/i18n/catalog/servers.json

@@ -124,6 +124,7 @@
         "loading": "Loading invite...",
         "joining": "Joining {{name}}...",
         "redirectingLogin": "Redirecting to login...",
+        "redirectingAuthorize": "Authorizing signal server...",
         "missingInfo": "This invite link is missing required server information.",
         "acceptFailed": "Unable to accept this invite.",
         "banned": "You are banned from this server and cannot accept this invite.",

toju-app/public/i18n/catalog/settings.json

@@ -93,6 +93,11 @@
         "errors": {
           "invalidUrl": "Please enter a valid URL",
           "duplicateUrl": "This server URL already exists"
+        },
+        "auth": {
+          "authorized": "Authorized",
+          "needsSignIn": "Needs sign-in",
+          "signIn": "Sign in"
         }
       },
       "connection": {
@@ -116,6 +121,7 @@
         "turnUser": "User: {{username}}",
         "moveUp": "Move up (higher priority)",
         "moveDown": "Move down (lower priority)",
+        "remove": "Remove",
         "empty": "No ICE servers configured. P2P connections may fail across networks.",
         "addTitle": "Add ICE Server",
         "stunPlaceholder": "stun:stun.example.com:19302",

toju-app/public/i18n/en.json

@@ -59,6 +59,15 @@
       "prepareStateFailed": "Failed to prepare local user state.",
       "noCurrentUser": "No current user",
       "sessionExpired": "Your session expired. Please sign in again."
+    },
+    "authorize": {
+      "title": "Sign in to {{serverName}}",
+      "registerTitle": "Create account on {{serverName}}",
+      "description": "Your home account stays signed in. This only authorizes the selected signal server.",
+      "defaultServerName": "Signal Server"
+    },
+    "provision": {
+      "usernameCollision": "Username {{preferredUsername}} was taken on {{serverName}}. Created {{provisionedUsername}} instead."
     }
   },
   "call": {
@@ -1013,6 +1022,7 @@
         "loading": "Loading invite...",
         "joining": "Joining {{name}}...",
         "redirectingLogin": "Redirecting to login...",
+        "redirectingAuthorize": "Authorizing signal server...",
         "missingInfo": "This invite link is missing required server information.",
         "acceptFailed": "Unable to accept this invite.",
         "banned": "You are banned from this server and cannot accept this invite.",
@@ -1138,6 +1148,11 @@
         "errors": {
           "invalidUrl": "Please enter a valid URL",
           "duplicateUrl": "This server URL already exists"
+        },
+        "auth": {
+          "authorized": "Authorized",
+          "needsSignIn": "Needs sign-in",
+          "signIn": "Sign in"
         }
       },
       "connection": {
@@ -1161,6 +1176,7 @@
         "turnUser": "User: {{username}}",
         "moveUp": "Move up (higher priority)",
         "moveDown": "Move down (lower priority)",
+        "remove": "Remove",
         "empty": "No ICE servers configured. P2P connections may fail across networks.",
         "addTitle": "Add ICE Server",
         "stunPlaceholder": "stun:stun.example.com:19302",

toju-app/src/app/app.config.ts

@@ -17,6 +17,7 @@ import { usersReducer } from './store/users/users.reducer';
 import { roomsReducer } from './store/rooms/rooms.reducer';
 import { NotificationsEffects } from './domains/notifications';
 import { CustomEmojiSyncEffects } from './domains/custom-emoji';
+import { AccountSyncEffects } from './infrastructure/realtime/account-sync/account-sync.effects';
 import { MessagesEffects } from './store/messages/messages.effects';
 import { MessagesSyncEffects } from './store/messages/messages-sync.effects';
 import { UserAvatarEffects } from './store/users/user-avatar.effects';
@@ -45,6 +46,7 @@ export const appConfig: ApplicationConfig = {
     }),
     provideEffects([
       NotificationsEffects,
+      AccountSyncEffects,
       CustomEmojiSyncEffects,
       MessagesEffects,
       MessagesSyncEffects,

toju-app/src/app/core/platform/electron/electron-api.models.ts

@@ -323,6 +323,8 @@ export interface ElectronApi {
   copyImageToClipboard: (srcURL: string) => Promise<boolean>;
   command: <T = unknown>(command: ElectronCommand) => Promise<T>;
   query: <T = unknown>(query: ElectronQuery) => Promise<T>;
+  storeProvisionSecret?: (homeUserId: string, secret: string) => Promise<boolean>;
+  getProvisionSecret?: (homeUserId: string) => Promise<string | null>;
 }
 
 export type ElectronWindow = Window & {

toju-app/src/app/domains/authentication/application/services/auth-token-store.service.ts

@@ -18,6 +18,12 @@ export class AuthTokenStoreService {
   }
 
   getToken(serverUrl: string): string | null {
+    const entry = this.getTokenEntry(serverUrl);
+
+    return entry?.token ?? null;
+  }
+
+  getTokenEntry(serverUrl: string): StoredAuthToken | null {
     const normalizedUrl = this.normalizeServerUrl(serverUrl);
     const entry = this.readStore()[normalizedUrl];
 
@@ -30,7 +36,7 @@ export class AuthTokenStoreService {
       return null;
     }
 
-    return entry.token;
+    return entry;
   }
 
   clearToken(serverUrl: string): void {

toju-app/src/app/domains/authentication/application/services/authentication.service.ts

@@ -34,7 +34,13 @@ export class AuthenticationService {
   }
 
   private persistSessionToken(serverId: string | undefined, response: LoginResponse): void {
-    this.authTokenStore.setToken(this.resolveServerUrl(serverId), response.token, response.expiresAt);
+    const serverUrl = this.resolveServerUrl(serverId);
+
+    this.authTokenStore.setToken(serverUrl, response.token, response.expiresAt);
+  }
+
+  resolveServerUrlFor(serverId?: string): string {
+    return this.resolveServerUrl(serverId);
   }
 
   private endpointFor(serverId?: string): string {

toju-app/src/app/domains/authentication/application/services/message-signing.service.ts

@@ -101,10 +101,7 @@ export class MessageSigningService {
     const stored = this.readStoredKeyPair();
 
     if (stored) {
-      const [publicKey, privateKey] = await Promise.all([
-        crypto.subtle.importKey('jwk', stored.publicKeyJwk, { name: 'Ed25519' }, true, ['verify']),
-        crypto.subtle.importKey('jwk', stored.privateKeyJwk, { name: 'Ed25519' }, false, ['sign'])
-      ]);
+      const [publicKey, privateKey] = await Promise.all([crypto.subtle.importKey('jwk', stored.publicKeyJwk, { name: 'Ed25519' }, true, ['verify']), crypto.subtle.importKey('jwk', stored.privateKeyJwk, { name: 'Ed25519' }, false, ['sign'])]);
 
       return { publicKey, privateKey };
     }
@@ -114,10 +111,7 @@ export class MessageSigningService {
       true,
       ['sign', 'verify']
     );
-    const [publicKeyJwk, privateKeyJwk] = await Promise.all([
-      crypto.subtle.exportKey('jwk', generated.publicKey),
-      crypto.subtle.exportKey('jwk', generated.privateKey)
-    ]);
+    const [publicKeyJwk, privateKeyJwk] = await Promise.all([crypto.subtle.exportKey('jwk', generated.publicKey), crypto.subtle.exportKey('jwk', generated.privateKey)]);
 
     this.writeStoredKeyPair({ publicKeyJwk, privateKeyJwk });
 

toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.spec.ts

@@ -0,0 +1,65 @@
+import {
+  describe,
+  it,
+  expect,
+  beforeEach,
+  vi
+} from 'vitest';
+import { ProvisionSecretStoreService } from './provision-secret-store.service';
+import { ElectronBridgeService } from '../../../../core/platform/electron/electron-bridge.service';
+
+describe('ProvisionSecretStoreService', () => {
+  let service: ProvisionSecretStoreService;
+  let electronBridge: ElectronBridgeService;
+
+  beforeEach(() => {
+    const sessionStorageMap = new Map<string, string>();
+
+    vi.stubGlobal('sessionStorage', {
+      getItem: (key: string) => sessionStorageMap.get(key) ?? null,
+      setItem: (key: string, value: string) => { sessionStorageMap.set(key, value); },
+      removeItem: (key: string) => { sessionStorageMap.delete(key); },
+      clear: () => { sessionStorageMap.clear(); }
+    });
+
+    electronBridge = {
+      isAvailable: false,
+      getApi: () => null,
+      requireApi: () => {
+        throw new Error('Electron API is not available in this runtime.');
+      }
+    } as ElectronBridgeService;
+
+    service = new ProvisionSecretStoreService(electronBridge);
+  });
+
+  it('stores and retrieves provision secrets in session storage when electron is unavailable', async () => {
+    await service.storeSecret('home-user-1', 'secret-abc');
+    await expect(service.getSecret('home-user-1')).resolves.toBe('secret-abc');
+  });
+
+  it('uses electron secure storage when available', async () => {
+    const storeProvisionSecret = vi.fn(async () => true);
+    const getProvisionSecret = vi.fn(async () => 'electron-secret');
+
+    electronBridge = {
+      isAvailable: true,
+      getApi: () => ({
+        storeProvisionSecret,
+        getProvisionSecret
+      }),
+      requireApi: () => ({
+        storeProvisionSecret,
+        getProvisionSecret
+      })
+    } as unknown as ElectronBridgeService;
+
+    service = new ProvisionSecretStoreService(electronBridge);
+
+    await service.storeSecret('home-user-1', 'secret-abc');
+    await expect(service.getSecret('home-user-1')).resolves.toBe('electron-secret');
+
+    expect(storeProvisionSecret).toHaveBeenCalledWith('home-user-1', 'secret-abc');
+    expect(getProvisionSecret).toHaveBeenCalledWith('home-user-1');
+  });
+});

toju-app/src/app/domains/authentication/application/services/provision-secret-store.service.ts

@@ -0,0 +1,52 @@
+import { Injectable, inject } from '@angular/core';
+import { ElectronBridgeService } from '../../../../core/platform/electron/electron-bridge.service';
+
+const SESSION_STORAGE_PREFIX = 'metoyou.provisionSecret.';
+
+@Injectable({ providedIn: 'root' })
+export class ProvisionSecretStoreService {
+  private readonly electronBridge: ElectronBridgeService;
+
+  constructor(electronBridge: ElectronBridgeService = inject(ElectronBridgeService)) {
+    this.electronBridge = electronBridge;
+  }
+
+  async storeSecret(homeUserId: string, secret: string): Promise<void> {
+    const api = this.electronBridge.getApi();
+
+    if (api?.storeProvisionSecret) {
+      await api.storeProvisionSecret(homeUserId, secret);
+      return;
+    }
+
+    sessionStorage.setItem(this.sessionKey(homeUserId), secret);
+  }
+
+  async getSecret(homeUserId: string): Promise<string | null> {
+    const api = this.electronBridge.getApi();
+
+    if (api?.getProvisionSecret) {
+      return api.getProvisionSecret(homeUserId);
+    }
+
+    return sessionStorage.getItem(this.sessionKey(homeUserId));
+  }
+
+  async hasSecret(homeUserId: string): Promise<boolean> {
+    const secret = await this.getSecret(homeUserId);
+
+    return !!secret;
+  }
+
+  private sessionKey(homeUserId: string): string {
+    return `${SESSION_STORAGE_PREFIX}${homeUserId}`;
+  }
+}
+
+export function generateProvisionSecret(): string {
+  const bytes = new Uint8Array(32);
+
+  crypto.getRandomValues(bytes);
+
+  return Array.from(bytes, (byte) => byte.toString(16).padStart(2, '0')).join('');
+}

toju-app/src/app/domains/authentication/application/services/signal-server-auth.service.ts

@@ -0,0 +1,206 @@
+import { Injectable, inject } from '@angular/core';
+import { Store } from '@ngrx/store';
+import { firstValueFrom } from 'rxjs';
+import type { User } from '../../../../shared-kernel';
+import { selectCurrentUser } from '../../../../store/users/users.selectors';
+import type { LoginResponse } from '../../domain/models/authentication.model';
+import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
+import { ProvisionUsernameCollisionError } from '../../domain/logic/signal-server-provision.rules';
+import { type ResolvedSignalIdentity, resolveSignalIdentity } from '../../domain/logic/signal-server-credential-resolution.rules';
+import { resolveSelfPresenceUserIds } from '../../domain/logic/self-presence-identity.rules';
+import { AuthTokenStoreService } from './auth-token-store.service';
+import { ProvisionSecretStoreService, generateProvisionSecret } from './provision-secret-store.service';
+import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
+import { SignalServerProvisionerService, type ProvisionResult } from './signal-server-provisioner.service';
+import { SignalServerProvisionNoticeService } from './signal-server-provision-notice.service';
+
+export type EnsureProvisionedResult =
+  | { kind: 'existing'; credential: SignalServerCredential }
+  | { kind: 'provisioned'; result: ProvisionResult }
+  | { kind: 'skipped'; reason: 'no-home-user' | 'no-provision-secret' | 'already-valid' }
+  | { kind: 'collision'; error: ProvisionUsernameCollisionError };
+
+@Injectable({ providedIn: 'root' })
+export class SignalServerAuthService {
+  private readonly store = inject(Store);
+  private readonly credentialStore = inject(SignalServerCredentialStoreService);
+  private readonly authTokenStore = inject(AuthTokenStoreService);
+  private readonly provisionSecretStore = inject(ProvisionSecretStoreService);
+  private readonly provisioner = inject(SignalServerProvisionerService);
+  private readonly provisionNotice = inject(SignalServerProvisionNoticeService);
+  private readonly provisionInFlight = new Map<string, Promise<EnsureProvisionedResult>>();
+
+  getCredential(serverUrl: string): SignalServerCredential | null {
+    return this.credentialStore.getCredential(serverUrl);
+  }
+
+  hasValidCredential(serverUrl: string): boolean {
+    return this.credentialStore.hasValidCredential(serverUrl);
+  }
+
+  upsertCredentialFromLogin(
+    serverUrl: string,
+    response: LoginResponse,
+    options: { provisioned?: boolean } = {}
+  ): SignalServerCredential {
+    return this.provisioner.upsertManualCredential(serverUrl, response, options.provisioned ?? false);
+  }
+
+  clearCredential(serverUrl: string): void {
+    this.credentialStore.clearCredential(serverUrl);
+  }
+
+  migrateHomeCredential(user: Pick<User, 'id' | 'username' | 'displayName' | 'homeSignalServerUrl'>): void {
+    const homeSignalServerUrl = user.homeSignalServerUrl?.trim();
+
+    if (!homeSignalServerUrl || this.credentialStore.hasValidCredential(homeSignalServerUrl)) {
+      return;
+    }
+
+    const tokenEntry = this.authTokenStore.getTokenEntry(homeSignalServerUrl);
+
+    if (!tokenEntry) {
+      return;
+    }
+
+    this.credentialStore.upsertCredential({
+      serverUrl: homeSignalServerUrl,
+      userId: user.id,
+      username: user.username,
+      displayName: user.displayName,
+      token: tokenEntry.token,
+      expiresAt: tokenEntry.expiresAt,
+      provisioned: false
+    });
+  }
+
+  async ensureHomeProvisionSecret(homeUser: Pick<User, 'id'>, existingSecret?: string | null): Promise<string> {
+    const stored = existingSecret ?? await this.provisionSecretStore.getSecret(homeUser.id);
+
+    if (stored) {
+      return stored;
+    }
+
+    const generated = generateProvisionSecret();
+
+    await this.provisionSecretStore.storeSecret(homeUser.id, generated);
+
+    return generated;
+  }
+
+  async ensureProvisioned(serverUrl: string, homeUser?: User | null): Promise<EnsureProvisionedResult> {
+    const normalizedUrl = this.normalizeServerUrl(serverUrl);
+    const existing = this.credentialStore.getCredential(normalizedUrl);
+
+    if (existing) {
+      return { kind: 'existing', credential: existing };
+    }
+
+    const inFlight = this.provisionInFlight.get(normalizedUrl);
+
+    if (inFlight) {
+      return inFlight;
+    }
+
+    const provisionPromise = this.runProvision(normalizedUrl, homeUser);
+
+    this.provisionInFlight.set(normalizedUrl, provisionPromise);
+
+    try {
+      return await provisionPromise;
+    } finally {
+      this.provisionInFlight.delete(normalizedUrl);
+    }
+  }
+
+  resolveActorUserIdForServer(serverUrl: string | undefined, fallbackUserId: string): string {
+    if (!serverUrl?.trim()) {
+      return fallbackUserId;
+    }
+
+    const credential = this.getCredential(serverUrl);
+
+    return credential?.userId ?? fallbackUserId;
+  }
+
+  resolveSelfPresenceUserIdsForRoom(
+    currentUser: Pick<User, 'id' | 'oderId'> | null | undefined,
+    roomSourceUrl: string | undefined
+  ): ReadonlySet<string> {
+    const homeOderId = currentUser?.oderId || currentUser?.id;
+
+    return resolveSelfPresenceUserIds({
+      homeUserId: currentUser?.id,
+      homeOderId,
+      actorUserId: homeOderId
+        ? this.resolveActorUserIdForServer(roomSourceUrl, homeOderId)
+        : undefined
+    });
+  }
+
+  resolveCredentialForSignalUrl(
+    signalUrl: string,
+    homeUser?: Pick<User, 'id' | 'homeSignalServerUrl' | 'displayName'> | null
+  ): ResolvedSignalIdentity | null {
+    const httpUrl = signalUrl.replace(/^ws/i, 'http');
+
+    return resolveSignalIdentity(
+      this.credentialStore.getCredential(httpUrl),
+      this.authTokenStore.getTokenEntry(httpUrl),
+      homeUser
+    );
+  }
+
+  private async runProvision(
+    normalizedUrl: string,
+    homeUser?: User | null
+  ): Promise<EnsureProvisionedResult> {
+    const user = homeUser ?? await firstValueFrom(this.store.select(selectCurrentUser));
+
+    if (!user) {
+      return { kind: 'skipped', reason: 'no-home-user' };
+    }
+
+    const provisionSecret = await this.provisionSecretStore.getSecret(user.id);
+
+    if (!provisionSecret) {
+      return { kind: 'skipped', reason: 'no-provision-secret' };
+    }
+
+    try {
+      const result = await this.provisioner.provisionOnServer({
+        serverUrl: normalizedUrl,
+        homeUser: user,
+        provisionSecret
+      });
+
+      if (result.usedSuffix) {
+        this.provisionNotice.publish({
+          serverName: this.resolveServerDisplayName(normalizedUrl),
+          preferredUsername: user.username,
+          provisionedUsername: result.username
+        });
+      }
+
+      return { kind: 'provisioned', result };
+    } catch (error) {
+      if (error instanceof ProvisionUsernameCollisionError) {
+        return { kind: 'collision', error };
+      }
+
+      throw error;
+    }
+  }
+
+  private normalizeServerUrl(serverUrl: string): string {
+    return serverUrl.trim().replace(/\/+$/, '');
+  }
+
+  private resolveServerDisplayName(serverUrl: string): string {
+    try {
+      return new URL(serverUrl).hostname;
+    } catch {
+      return serverUrl;
+    }
+  }
+}

toju-app/src/app/domains/authentication/application/services/signal-server-authorize.service.ts

@@ -0,0 +1,68 @@
+import { Injectable, inject } from '@angular/core';
+import { Router } from '@angular/router';
+import { Store } from '@ngrx/store';
+import { firstValueFrom } from 'rxjs';
+import { selectCurrentUser } from '../../../../store/users/users.selectors';
+import { ServerDirectoryFacade } from '../../../server-directory';
+import { AUTH_MODE_AUTHORIZE, buildLoginReturnQueryParams } from '../../domain/logic/auth-navigation.rules';
+import { SignalServerAuthService } from './signal-server-auth.service';
+
+@Injectable({ providedIn: 'root' })
+export class SignalServerAuthorizeService {
+  private readonly router = inject(Router);
+  private readonly store = inject(Store);
+  private readonly serverDirectory = inject(ServerDirectoryFacade);
+  private readonly signalServerAuth = inject(SignalServerAuthService);
+
+  async ensureCredentialForServerUrl(serverUrl: string): Promise<boolean> {
+    if (this.signalServerAuth.hasValidCredential(serverUrl)) {
+      return true;
+    }
+
+    const currentUser = await firstValueFrom(this.store.select(selectCurrentUser));
+
+    if (!currentUser) {
+      return false;
+    }
+
+    const result = await this.signalServerAuth.ensureProvisioned(serverUrl, currentUser);
+
+    if (result.kind === 'existing' || result.kind === 'provisioned') {
+      return true;
+    }
+
+    if (result.kind === 'collision') {
+      await this.navigateToAuthorize(serverUrl, this.router.url);
+      return false;
+    }
+
+    if (result.kind === 'skipped' && result.reason === 'no-provision-secret') {
+      await this.navigateToAuthorize(serverUrl, this.router.url);
+      return false;
+    }
+
+    return false;
+  }
+
+  async navigateToAuthorize(serverUrl: string, returnUrl: string): Promise<void> {
+    const endpoint = this.serverDirectory.ensureServerEndpoint({
+      name: this.buildEndpointName(serverUrl),
+      url: serverUrl
+    });
+
+    await this.router.navigate(['/login'], {
+      queryParams: buildLoginReturnQueryParams(returnUrl, undefined, {
+        mode: AUTH_MODE_AUTHORIZE,
+        serverId: endpoint.id
+      })
+    });
+  }
+
+  private buildEndpointName(serverUrl: string): string {
+    try {
+      return new URL(serverUrl).hostname;
+    } catch {
+      return serverUrl;
+    }
+  }
+}

toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.spec.ts

@@ -0,0 +1,84 @@
+import {
+  describe,
+  it,
+  expect,
+  beforeEach
+} from 'vitest';
+import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
+import { AuthTokenStoreService } from './auth-token-store.service';
+
+describe('SignalServerCredentialStoreService', () => {
+  let service: SignalServerCredentialStoreService;
+
+  beforeEach(() => {
+    const storage = new Map<string, string>();
+
+    vi.stubGlobal('localStorage', {
+      getItem: (key: string) => storage.get(key) ?? null,
+      setItem: (key: string, value: string) => { storage.set(key, value); },
+      removeItem: (key: string) => { storage.delete(key); },
+      clear: () => { storage.clear(); }
+    });
+
+    service = new SignalServerCredentialStoreService(new AuthTokenStoreService());
+  });
+
+  it('stores and retrieves credentials by normalized server url', () => {
+    service.upsertCredential({
+      serverUrl: 'https://signal.example.com/',
+      userId: 'user-1',
+      username: 'alice',
+      displayName: 'Alice',
+      token: 'token-abc',
+      expiresAt: Date.now() + 60_000,
+      provisioned: true
+    });
+
+    const credential = service.getCredential('https://signal.example.com');
+
+    expect(credential?.userId).toBe('user-1');
+    expect(credential?.token).toBe('token-abc');
+  });
+
+  it('clears expired credentials on read', () => {
+    service.upsertCredential({
+      serverUrl: 'https://signal.example.com',
+      userId: 'user-1',
+      username: 'alice',
+      displayName: 'Alice',
+      token: 'expired',
+      expiresAt: Date.now() - 1,
+      provisioned: false
+    });
+
+    expect(service.getCredential('https://signal.example.com')).toBeNull();
+    expect(service.hasValidCredential('https://signal.example.com')).toBe(false);
+  });
+
+  it('removes credentials for a single server url', () => {
+    service.upsertCredential({
+      serverUrl: 'https://signal-a.example.com',
+      userId: 'user-a',
+      username: 'alice',
+      displayName: 'Alice',
+      token: 'token-a',
+      expiresAt: Date.now() + 60_000,
+      provisioned: true
+    });
+
+    service.upsertCredential({
+      serverUrl: 'https://signal-b.example.com',
+      userId: 'user-b',
+      username: 'alice',
+      displayName: 'Alice',
+      token: 'token-b',
+      expiresAt: Date.now() + 60_000,
+      provisioned: true
+    });
+
+    service.clearCredential('https://signal-a.example.com');
+
+    expect(service.getCredential('https://signal-a.example.com')).toBeNull();
+    expect(service.getCredential('https://signal-b.example.com')?.token).toBe('token-b');
+  });
+});

toju-app/src/app/domains/authentication/application/services/signal-server-credential-store.service.ts

@@ -0,0 +1,88 @@
+import { Injectable, inject } from '@angular/core';
+import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
+import { AuthTokenStoreService } from './auth-token-store.service';
+
+const STORAGE_KEY = 'metoyou.signalServerCredentials';
+
+@Injectable({ providedIn: 'root' })
+export class SignalServerCredentialStoreService {
+  private readonly authTokenStore: AuthTokenStoreService;
+
+  constructor(authTokenStore: AuthTokenStoreService = inject(AuthTokenStoreService)) {
+    this.authTokenStore = authTokenStore;
+  }
+
+  upsertCredential(credential: SignalServerCredential): void {
+    const normalizedUrl = this.normalizeServerUrl(credential.serverUrl);
+    const store = this.readStore();
+
+    store[normalizedUrl] = {
+      ...credential,
+      serverUrl: normalizedUrl
+    };
+
+    this.writeStore(store);
+    this.authTokenStore.setToken(normalizedUrl, credential.token, credential.expiresAt);
+  }
+
+  getCredential(serverUrl: string): SignalServerCredential | null {
+    const normalizedUrl = this.normalizeServerUrl(serverUrl);
+    const entry = this.readStore()[normalizedUrl];
+
+    if (!entry) {
+      return null;
+    }
+
+    if (entry.expiresAt <= Date.now()) {
+      this.clearCredential(serverUrl);
+      return null;
+    }
+
+    return entry;
+  }
+
+  hasValidCredential(serverUrl: string): boolean {
+    return this.getCredential(serverUrl) !== null;
+  }
+
+  clearCredential(serverUrl: string): void {
+    const normalizedUrl = this.normalizeServerUrl(serverUrl);
+    const store = this.readStore();
+    const nextStore = Object.fromEntries(
+      Object.entries(store).filter(([key]) => key !== normalizedUrl)
+    ) as Record<string, SignalServerCredential>;
+
+    this.writeStore(nextStore);
+    this.authTokenStore.clearToken(normalizedUrl);
+  }
+
+  listValidCredentials(): SignalServerCredential[] {
+    const now = Date.now();
+
+    return Object.values(this.readStore()).filter((entry) => entry.expiresAt > now);
+  }
+
+  private readStore(): Record<string, SignalServerCredential> {
+    try {
+      const raw = localStorage.getItem(STORAGE_KEY);
+
+      if (!raw) {
+        return {};
+      }
+
+      const parsed = JSON.parse(raw) as Record<string, SignalServerCredential>;
+
+      return parsed && typeof parsed === 'object' ? parsed : {};
+    } catch {
+      return {};
+    }
+  }
+
+  private writeStore(store: Record<string, SignalServerCredential>): void {
+    localStorage.setItem(STORAGE_KEY, JSON.stringify(store));
+  }
+
+  private normalizeServerUrl(serverUrl: string): string {
+    return serverUrl.trim().replace(/\/+$/, '');
+  }
+}

toju-app/src/app/domains/authentication/application/services/signal-server-provision-notice.service.ts

@@ -0,0 +1,20 @@
+import { Injectable, signal } from '@angular/core';
+
+export interface SignalServerProvisionNotice {
+  serverName: string;
+  preferredUsername: string;
+  provisionedUsername: string;
+}
+
+@Injectable({ providedIn: 'root' })
+export class SignalServerProvisionNoticeService {
+  readonly notice = signal<SignalServerProvisionNotice | null>(null);
+
+  publish(notice: SignalServerProvisionNotice): void {
+    this.notice.set(notice);
+  }
+
+  clear(): void {
+    this.notice.set(null);
+  }
+}

toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.spec.ts

@@ -0,0 +1,171 @@
+import {
+  describe,
+  it,
+  expect,
+  beforeEach,
+  vi
+} from 'vitest';
+import { of, throwError } from 'rxjs';
+import { HttpClient, HttpErrorResponse } from '@angular/common/http';
+import { SignalServerProvisionerService } from './signal-server-provisioner.service';
+import { AuthTokenStoreService } from './auth-token-store.service';
+import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
+import { ProvisionUsernameCollisionError } from '../../domain/logic/signal-server-provision.rules';
+import type { User } from '../../../../shared-kernel';
+
+describe('SignalServerProvisionerService', () => {
+  let service: SignalServerProvisionerService;
+  let httpPost: ReturnType<typeof vi.fn>;
+  let credentialStore: SignalServerCredentialStoreService;
+
+  const homeUser: User = {
+    id: 'a3f2b1c4-5678-90ab-cdef-1234567890ab',
+    oderId: 'a3f2b1c4-5678-90ab-cdef-1234567890ab',
+    username: 'alice',
+    displayName: 'Alice',
+    status: 'online',
+    role: 'member',
+    joinedAt: Date.now(),
+    homeSignalServerUrl: 'https://home.example.com'
+  };
+
+  beforeEach(() => {
+    const storage = new Map<string, string>();
+
+    vi.stubGlobal('localStorage', {
+      getItem: (key: string) => storage.get(key) ?? null,
+      setItem: (key: string, value: string) => { storage.set(key, value); },
+      removeItem: (key: string) => { storage.delete(key); },
+      clear: () => { storage.clear(); }
+    });
+
+    httpPost = vi.fn();
+    credentialStore = new SignalServerCredentialStoreService(new AuthTokenStoreService());
+    service = new SignalServerProvisionerService(
+      { post: httpPost } as unknown as HttpClient,
+      credentialStore
+    );
+  });
+
+  it('registers on a foreign server when the preferred username is available', async () => {
+    httpPost.mockReturnValue(of({
+      id: 'foreign-user-1',
+      username: 'alice',
+      displayName: 'Alice',
+      token: 'foreign-token',
+      expiresAt: Date.now() + 60_000
+    }));
+
+    const result = await service.provisionOnServer({
+      serverUrl: 'https://foreign.example.com',
+      homeUser,
+      provisionSecret: 'provision-secret'
+    });
+
+    expect(result.username).toBe('alice');
+    expect(result.usedSuffix).toBe(false);
+    expect(credentialStore.getCredential('https://foreign.example.com')?.userId).toBe('foreign-user-1');
+    expect(httpPost).toHaveBeenCalledWith(
+      'https://foreign.example.com/api/users/register',
+      {
+        username: 'alice',
+        password: 'provision-secret',
+        displayName: 'Alice'
+      }
+    );
+  });
+
+  it('logs in when the preferred username was provisioned earlier', async () => {
+    httpPost
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
+      .mockReturnValueOnce(of({
+        id: 'foreign-user-1',
+        username: 'alice',
+        displayName: 'Alice',
+        token: 'foreign-token',
+        expiresAt: Date.now() + 60_000
+      }));
+
+    const result = await service.provisionOnServer({
+      serverUrl: 'https://foreign.example.com',
+      homeUser,
+      provisionSecret: 'provision-secret'
+    });
+
+    expect(result.username).toBe('alice');
+    expect(httpPost).toHaveBeenNthCalledWith(
+      2,
+      'https://foreign.example.com/api/users/login',
+      {
+        username: 'alice',
+        password: 'provision-secret'
+      }
+    );
+  });
+
+  it('registers with a suffixed username when the preferred name belongs to someone else', async () => {
+    httpPost
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })))
+      .mockReturnValueOnce(of({
+        id: 'foreign-user-2',
+        username: 'alice-a3f2b1',
+        displayName: 'Alice',
+        token: 'foreign-token-2',
+        expiresAt: Date.now() + 60_000
+      }));
+
+    const result = await service.provisionOnServer({
+      serverUrl: 'https://foreign.example.com',
+      homeUser,
+      provisionSecret: 'provision-secret'
+    });
+
+    expect(result.username).toBe('alice-a3f2b1');
+    expect(result.usedSuffix).toBe(true);
+    expect(httpPost).toHaveBeenNthCalledWith(
+      3,
+      'https://foreign.example.com/api/users/register',
+      {
+        username: 'alice-a3f2b1',
+        password: 'provision-secret',
+        displayName: 'Alice'
+      }
+    );
+  });
+
+  it('throws when all username candidates are exhausted', async () => {
+    httpPost
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })))
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 409 })))
+      .mockReturnValueOnce(throwError(() => new HttpErrorResponse({ status: 401 })));
+
+    await expect(service.provisionOnServer({
+      serverUrl: 'https://foreign.example.com',
+      homeUser,
+      provisionSecret: 'provision-secret'
+    })).rejects.toBeInstanceOf(ProvisionUsernameCollisionError);
+  });
+
+  it('returns an existing credential without making network calls', async () => {
+    credentialStore.upsertCredential({
+      serverUrl: 'https://foreign.example.com',
+      userId: 'foreign-user-1',
+      username: 'alice',
+      displayName: 'Alice',
+      token: 'foreign-token',
+      expiresAt: Date.now() + 60_000,
+      provisioned: true
+    });
+
+    const result = await service.provisionOnServer({
+      serverUrl: 'https://foreign.example.com',
+      homeUser,
+      provisionSecret: 'provision-secret'
+    });
+
+    expect(result.username).toBe('alice');
+    expect(httpPost).not.toHaveBeenCalled();
+  });
+});

toju-app/src/app/domains/authentication/application/services/signal-server-provisioner.service.ts

@@ -0,0 +1,143 @@
+import { Injectable, inject } from '@angular/core';
+import { HttpClient, HttpErrorResponse } from '@angular/common/http';
+import { firstValueFrom } from 'rxjs';
+import type { User } from '../../../../shared-kernel';
+import type { LoginResponse } from '../../domain/models/authentication.model';
+import type { SignalServerCredential } from '../../domain/models/signal-server-credential.model';
+import { ProvisionUsernameCollisionError, buildProvisionUsernameCandidates } from '../../domain/logic/signal-server-provision.rules';
+import { SignalServerCredentialStoreService } from './signal-server-credential-store.service';
+
+export interface ProvisionResult {
+  credential: SignalServerCredential;
+  username: string;
+  usedSuffix: boolean;
+}
+
+@Injectable({ providedIn: 'root' })
+export class SignalServerProvisionerService {
+  private readonly http: HttpClient;
+  private readonly credentialStore: SignalServerCredentialStoreService;
+
+  constructor(
+    http: HttpClient = inject(HttpClient),
+    credentialStore: SignalServerCredentialStoreService = inject(SignalServerCredentialStoreService)
+  ) {
+    this.http = http;
+    this.credentialStore = credentialStore;
+  }
+
+  async provisionOnServer(params: {
+    serverUrl: string;
+    homeUser: Pick<User, 'id' | 'username' | 'displayName'>;
+    provisionSecret: string;
+  }): Promise<ProvisionResult> {
+    const normalizedUrl = this.normalizeServerUrl(params.serverUrl);
+    const existing = this.credentialStore.getCredential(normalizedUrl);
+
+    if (existing) {
+      return {
+        credential: existing,
+        username: existing.username,
+        usedSuffix: existing.username !== params.homeUser.username.trim()
+      };
+    }
+
+    const candidates = buildProvisionUsernameCandidates(params.homeUser.username, params.homeUser.id);
+
+    for (let index = 0; index < candidates.length; index += 1) {
+      const candidate = candidates[index];
+      const usedSuffix = index > 0;
+
+      try {
+        const response = await this.register(normalizedUrl, candidate, params.provisionSecret, params.homeUser.displayName);
+
+        return this.persistProvisionResult(normalizedUrl, response, usedSuffix);
+      } catch (error) {
+        if (!this.isHttpStatus(error, 409)) {
+          throw error;
+        }
+
+        try {
+          const response = await this.login(normalizedUrl, candidate, params.provisionSecret);
+
+          return this.persistProvisionResult(normalizedUrl, response, usedSuffix);
+        } catch (loginError) {
+          if (!this.isHttpStatus(loginError, 401)) {
+            throw loginError;
+          }
+        }
+      }
+    }
+
+    throw new ProvisionUsernameCollisionError(normalizedUrl, candidates);
+  }
+
+  upsertManualCredential(
+    serverUrl: string,
+    response: LoginResponse,
+    provisioned = false
+  ): SignalServerCredential {
+    const credential: SignalServerCredential = {
+      serverUrl: this.normalizeServerUrl(serverUrl),
+      userId: response.id,
+      username: response.username,
+      displayName: response.displayName,
+      token: response.token,
+      expiresAt: response.expiresAt,
+      provisioned
+    };
+
+    this.credentialStore.upsertCredential(credential);
+    return credential;
+  }
+
+  private async register(
+    serverUrl: string,
+    username: string,
+    password: string,
+    displayName: string
+  ): Promise<LoginResponse> {
+    return firstValueFrom(
+      this.http.post<LoginResponse>(`${serverUrl}/api/users/register`, {
+        username,
+        password,
+        displayName
+      })
+    );
+  }
+
+  private async login(
+    serverUrl: string,
+    username: string,
+    password: string
+  ): Promise<LoginResponse> {
+    return firstValueFrom(
+      this.http.post<LoginResponse>(`${serverUrl}/api/users/login`, {
+        username,
+        password
+      })
+    );
+  }
+
+  private persistProvisionResult(
+    serverUrl: string,
+    response: LoginResponse,
+    usedSuffix: boolean
+  ): ProvisionResult {
+    const credential = this.upsertManualCredential(serverUrl, response, true);
+
+    return {
+      credential,
+      username: response.username,
+      usedSuffix
+    };
+  }
+
+  private isHttpStatus(error: unknown, status: number): boolean {
+    return error instanceof HttpErrorResponse && error.status === status;
+  }
+
+  private normalizeServerUrl(serverUrl: string): string {
+    return serverUrl.trim().replace(/\/+$/, '');
+  }
+}

toju-app/src/app/domains/authentication/domain/logic/auth-navigation.rules.ts

@@ -9,6 +9,7 @@ import { UsersActions } from '../../../../store/users/users.actions';
 import type { User } from '../../../../shared-kernel';
 
 export const DEFAULT_POST_AUTH_URL = '/dashboard';
+export const AUTH_MODE_AUTHORIZE = 'authorize';
 
 const AUTH_ROUTE_PATHS = new Set(['/login', '/register']);
 const MAX_RETURN_URL_DEPTH = 10;
@@ -79,15 +80,27 @@ export function resolveSafeReturnUrl(
 
 export function buildLoginReturnQueryParams(
   currentUrl: string,
-  fallback = DEFAULT_POST_AUTH_URL
-): { returnUrl?: string } {
+  fallback = DEFAULT_POST_AUTH_URL,
+  extra: Record<string, string | undefined> = {}
+): Record<string, string> {
   const safeReturnUrl = resolveSafeReturnUrl(currentUrl, fallback);
+  const queryParams: Record<string, string> = {};
 
-  if (safeReturnUrl === fallback) {
-    return {};
+  if (safeReturnUrl !== fallback) {
+    queryParams['returnUrl'] = safeReturnUrl;
   }
 
-  return { returnUrl: safeReturnUrl };
+  for (const [key, value] of Object.entries(extra)) {
+    if (value?.trim()) {
+      queryParams[key] = value.trim();
+    }
+  }
+
+  return queryParams;
+}
+
+export function isAuthorizeAuthMode(mode: string | null | undefined): boolean {
+  return mode?.trim() === AUTH_MODE_AUTHORIZE;
 }
 
 export function waitForAuthenticationOutcome(

toju-app/src/app/domains/authentication/domain/logic/auth-session.rules.spec.ts

@@ -16,13 +16,9 @@ describe('auth-session.rules', () => {
   } as Pick<User, 'homeSignalServerUrl'>;
 
   it('collects home and active server urls without duplicates', () => {
-    expect(collectSessionTokenLookupUrls(user, 'https://signal.example.com')).toEqual([
-      'https://signal.example.com'
-    ]);
-    expect(collectSessionTokenLookupUrls(user, 'http://localhost:3001')).toEqual([
-      'http://localhost:3001',
-      'https://signal.example.com'
-    ]);
+    expect(collectSessionTokenLookupUrls(user, 'https://signal.example.com')).toEqual(['https://signal.example.com']);
+
+    expect(collectSessionTokenLookupUrls(user, 'http://localhost:3001')).toEqual(['http://localhost:3001', 'https://signal.example.com']);
   });
 
   it('requires a valid token for a known server url', () => {

toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.spec.ts

@@ -0,0 +1,53 @@
+import {
+  describe,
+  expect,
+  it
+} from 'vitest';
+import { isSelfPresenceUserId, resolveSelfPresenceUserIds } from './self-presence-identity.rules';
+
+describe('resolveSelfPresenceUserIds', () => {
+  it('includes home user id and oderId', () => {
+    const ids = resolveSelfPresenceUserIds({
+      homeUserId: 'home-id',
+      homeOderId: 'peer-a'
+    });
+
+    expect([...ids]).toEqual(['home-id', 'peer-a']);
+  });
+
+  it('includes the per-server actor user id when provisioned on a foreign server', () => {
+    const ids = resolveSelfPresenceUserIds({
+      homeUserId: 'home-id',
+      homeOderId: 'peer-a',
+      actorUserId: 'foreign-id'
+    });
+
+    expect([...ids]).toEqual([
+      'home-id',
+      'peer-a',
+      'foreign-id'
+    ]);
+  });
+
+  it('deduplicates when actor id matches home id', () => {
+    const ids = resolveSelfPresenceUserIds({
+      homeUserId: 'same-id',
+      homeOderId: 'same-id',
+      actorUserId: 'same-id'
+    });
+
+    expect([...ids]).toEqual(['same-id']);
+  });
+});
+
+describe('isSelfPresenceUserId', () => {
+  it('returns true when the user id is part of the self set', () => {
+    const selfIds = resolveSelfPresenceUserIds({
+      homeUserId: 'home-id',
+      actorUserId: 'foreign-id'
+    });
+
+    expect(isSelfPresenceUserId('foreign-id', selfIds)).toBe(true);
+    expect(isSelfPresenceUserId('other-id', selfIds)).toBe(false);
+  });
+});

toju-app/src/app/domains/authentication/domain/logic/self-presence-identity.rules.ts

@@ -0,0 +1,31 @@
+export interface SelfPresenceIdentityInput {
+  homeUserId?: string;
+  homeOderId?: string;
+  actorUserId?: string;
+}
+
+/** Collect every user id that represents the local user on a room's signal server. */
+export function resolveSelfPresenceUserIds(input: SelfPresenceIdentityInput): ReadonlySet<string> {
+  const ids = new Set<string>();
+
+  if (input.homeUserId?.trim()) {
+    ids.add(input.homeUserId.trim());
+  }
+
+  if (input.homeOderId?.trim()) {
+    ids.add(input.homeOderId.trim());
+  }
+
+  if (input.actorUserId?.trim()) {
+    ids.add(input.actorUserId.trim());
+  }
+
+  return ids;
+}
+
+export function isSelfPresenceUserId(
+  userId: string | undefined,
+  selfIds: ReadonlySet<string>
+): boolean {
+  return !!userId?.trim() && selfIds.has(userId.trim());
+}

toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.spec.ts

@@ -0,0 +1,55 @@
+import {
+  describe,
+  it,
+  expect
+} from 'vitest';
+import { resolveSignalIdentity } from './signal-server-credential-resolution.rules';
+
+describe('resolveSignalIdentity', () => {
+  const homeUser = {
+    id: 'home-user-1',
+    displayName: 'Alice',
+    homeSignalServerUrl: 'https://signal.example.com'
+  };
+
+  it('prefers the per-signal credential when present', () => {
+    const resolved = resolveSignalIdentity(
+      { userId: 'provisioned-1', token: 'cred-token', displayName: 'Alice On Foreign' },
+      { token: 'legacy-token' },
+      homeUser
+    );
+
+    expect(resolved).toEqual({
+      userId: 'provisioned-1',
+      token: 'cred-token',
+      displayName: 'Alice On Foreign',
+      homeSignalServerUrl: 'https://signal.example.com'
+    });
+  });
+
+  it('falls back to the legacy session token using the home identity when no credential exists', () => {
+    const resolved = resolveSignalIdentity(
+      null,
+      { token: 'legacy-token' },
+      homeUser
+    );
+
+    expect(resolved).toEqual({
+      userId: 'home-user-1',
+      token: 'legacy-token',
+      displayName: 'Alice',
+      homeSignalServerUrl: 'https://signal.example.com'
+    });
+  });
+
+  it('returns null when neither a credential nor a legacy token is available', () => {
+    expect(resolveSignalIdentity(null, null, homeUser)).toBeNull();
+  });
+
+  it('does not fall back to the legacy token without a known home user id', () => {
+    expect(resolveSignalIdentity(null, { token: 'legacy-token' }, null)).toBeNull();
+    expect(
+      resolveSignalIdentity(null, { token: 'legacy-token' }, { displayName: 'Alice' })
+    ).toBeNull();
+  });
+});

toju-app/src/app/domains/authentication/domain/logic/signal-server-credential-resolution.rules.ts

@@ -0,0 +1,53 @@
+export interface ResolvableHomeUser {
+  id?: string;
+  displayName?: string;
+  homeSignalServerUrl?: string;
+}
+
+export interface ResolvedSignalIdentity {
+  userId: string;
+  token: string;
+  displayName: string;
+  homeSignalServerUrl?: string;
+}
+
+/**
+ * Resolve the identity (oder id + session token) used to `identify` on a signal
+ * server.
+ *
+ * Order of precedence:
+ *  1. The per-signal-server credential (the authoritative source for both home
+ *     and provisioned foreign servers).
+ *  2. The legacy single-session token store, reconstructed with the home user's
+ *     identity. This keeps `identify` working for sessions restored from disk
+ *     that pre-date the per-signal credential store (otherwise the client never
+ *     authenticates and the user appears alone in every room).
+ *
+ * Foreign servers are never reconstructed from the legacy token: their account
+ * id is the provisioned id, which only the per-signal credential carries.
+ */
+export function resolveSignalIdentity(
+  credential: { userId: string; token: string; displayName: string } | null,
+  legacyToken: { token: string } | null,
+  homeUser: ResolvableHomeUser | null | undefined
+): ResolvedSignalIdentity | null {
+  if (credential) {
+    return {
+      userId: credential.userId,
+      token: credential.token,
+      displayName: credential.displayName,
+      homeSignalServerUrl: homeUser?.homeSignalServerUrl
+    };
+  }
+
+  if (legacyToken && homeUser?.id) {
+    return {
+      userId: homeUser.id,
+      token: legacyToken.token,
+      displayName: homeUser.displayName ?? '',
+      homeSignalServerUrl: homeUser.homeSignalServerUrl
+    };
+  }
+
+  return null;
+}

toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.spec.ts

@@ -0,0 +1,36 @@
+import {
+  describe,
+  it,
+  expect
+} from 'vitest';
+import {
+  ProvisionUsernameCollisionError,
+  buildProvisionUsernameCandidates,
+  shortHomeUserId
+} from './signal-server-provision.rules';
+
+describe('signal-server-provision.rules', () => {
+  it('derives a stable short id from a home user uuid', () => {
+    expect(shortHomeUserId('a3f2b1c4-5678-90ab-cdef-1234567890ab')).toBe('a3f2b1');
+  });
+
+  it('orders username candidates with preferred first then suffixed fallback', () => {
+    expect(
+      buildProvisionUsernameCandidates('alice', 'a3f2b1c4-5678-90ab-cdef-1234567890ab')
+    ).toEqual(['alice', 'alice-a3f2b1']);
+  });
+
+  it('deduplicates candidates when suffix would repeat preferred username', () => {
+    expect(
+      buildProvisionUsernameCandidates('alice-a3f2b1', 'a3f2b1c4-5678-90ab-cdef-1234567890ab')
+    ).toEqual(['alice-a3f2b1']);
+  });
+
+  it('exposes attempted usernames on collision errors', () => {
+    const error = new ProvisionUsernameCollisionError('https://signal.example.com', ['alice', 'alice-a3f2b1']);
+
+    expect(error.name).toBe('ProvisionUsernameCollisionError');
+    expect(error.serverUrl).toBe('https://signal.example.com');
+    expect(error.attemptedUsernames).toEqual(['alice', 'alice-a3f2b1']);
+  });
+});

toju-app/src/app/domains/authentication/domain/logic/signal-server-provision.rules.ts

@@ -0,0 +1,34 @@
+export class ProvisionUsernameCollisionError extends Error {
+  constructor(
+    readonly serverUrl: string,
+    readonly attemptedUsernames: readonly string[]
+  ) {
+    super(`Could not provision account on ${serverUrl}`);
+    this.name = 'ProvisionUsernameCollisionError';
+  }
+}
+
+export function shortHomeUserId(homeUserId: string): string {
+  return homeUserId.replace(/-/g, '').slice(0, 6)
+    .toLowerCase();
+}
+
+export function buildProvisionUsernameCandidates(
+  preferredUsername: string,
+  homeUserId: string
+): string[] {
+  const trimmed = preferredUsername.trim();
+
+  if (!trimmed) {
+    return [];
+  }
+
+  const candidates = [trimmed];
+  const suffix = shortHomeUserId(homeUserId);
+
+  if (suffix && !trimmed.endsWith(`-${suffix}`)) {
+    candidates.push(`${trimmed}-${suffix}`);
+  }
+
+  return [...new Set(candidates)];
+}

toju-app/src/app/domains/authentication/domain/models/signal-server-credential.model.ts

@@ -0,0 +1,9 @@
+export interface SignalServerCredential {
+  serverUrl: string;
+  userId: string;
+  username: string;
+  displayName: string;
+  token: string;
+  expiresAt: number;
+  provisioned: boolean;
+}

toju-app/src/app/domains/authentication/feature/login/login.component.html

@@ -5,9 +5,19 @@
         name="lucideLogIn"
         class="w-5 h-5 text-primary"
       />
-      <h1 class="text-lg font-semibold text-foreground">{{ 'auth.login.title' | translate }}</h1>
+      <h1 class="text-lg font-semibold text-foreground">
+        @if (isAuthorizeMode()) {
+          {{ 'auth.authorize.title' | translate: { serverName: authorizeServerName() } }}
+        } @else {
+          {{ 'auth.login.title' | translate }}
+        }
+      </h1>
     </div>
 
+    @if (isAuthorizeMode()) {
+      <p class="text-xs text-muted-foreground mb-4">{{ 'auth.authorize.description' | translate }}</p>
+    }
+
     <form
       class="space-y-3"
       (ngSubmit)="submit()"

toju-app/src/app/domains/authentication/feature/login/login.component.ts

@@ -1,6 +1,7 @@
 
 import {
   Component,
+  computed,
   inject,
   OnInit,
   signal
@@ -21,7 +22,9 @@ import {
 import { AuthenticationService } from '../../application/services/authentication.service';
 import { ServerDirectoryFacade } from '../../../server-directory';
 import {
+  AUTH_MODE_AUTHORIZE,
   buildLoginReturnQueryParams,
+  isAuthorizeAuthMode,
   resolveSafeReturnUrl,
   waitForAuthenticationOutcome
 } from '../../domain/logic/auth-navigation.rules';
@@ -56,6 +59,13 @@ export class LoginComponent implements OnInit {
   password = '';
   serverId: string | undefined = this.serversSvc.activeServer()?.id;
   error = signal<string | null>(null);
+  readonly isAuthorizeMode = signal(false);
+  readonly authorizeServerName = computed(() => {
+    const sid = this.serverId || this.serversSvc.activeServer()?.id;
+    const endpoint = this.servers().find((server) => server.id === sid);
+
+    return endpoint?.name ?? this.appI18n.instant('auth.authorize.defaultServerName');
+  });
 
   private readonly appI18n = inject(AppI18nService);
   private auth = inject(AuthenticationService);
@@ -68,6 +78,19 @@ export class LoginComponent implements OnInit {
   trackById(_index: number, item: { id: string }) { return item.id; }
 
   ngOnInit(): void {
+    const mode = this.route.snapshot.queryParamMap.get('mode');
+    const requestedServerId = this.route.snapshot.queryParamMap.get('serverId')?.trim();
+
+    this.isAuthorizeMode.set(isAuthorizeAuthMode(mode));
+
+    if (requestedServerId) {
+      this.serverId = requestedServerId;
+    }
+
+    if (this.isAuthorizeMode()) {
+      return;
+    }
+
     this.store.select(selectCurrentUser).pipe(
       filter(Boolean),
       take(1)
@@ -88,8 +111,24 @@ export class LoginComponent implements OnInit {
       password: this.password,
       serverId: sid }).subscribe({
       next: async (resp) => {
-        if (sid)
+        const serverUrl = this.auth.resolveServerUrlFor(sid);
+
+        if (this.isAuthorizeMode()) {
+          this.store.dispatch(UsersActions.authorizeSignalServer({
+            serverUrl,
+            response: resp,
+            provisioned: false
+          }));
+
+          const returnUrl = resolveSafeReturnUrl(this.route.snapshot.queryParamMap.get('returnUrl'));
+
+          await this.router.navigateByUrl(returnUrl);
+          return;
+        }
+
+        if (sid) {
           this.serversSvc.setActiveServer(sid);
+        }
 
         const homeSignalServerUrl = this.serversSvc.servers().find((server) => server.id === sid)?.url
           ?? this.serversSvc.activeServer()?.url;
@@ -104,7 +143,7 @@ export class LoginComponent implements OnInit {
           homeSignalServerUrl
         };
 
-        this.store.dispatch(UsersActions.authenticateUser({ user }));
+        this.store.dispatch(UsersActions.authenticateUser({ user, loginResponse: resp }));
 
         const outcome = await firstValueFrom(waitForAuthenticationOutcome(this.actions$));
 
@@ -126,7 +165,10 @@ export class LoginComponent implements OnInit {
   /** Navigate to the registration page. */
   goRegister() {
     this.router.navigate(['/register'], {
-      queryParams: buildLoginReturnQueryParams(this.router.url)
+      queryParams: buildLoginReturnQueryParams(this.router.url, undefined, {
+        mode: this.isAuthorizeMode() ? AUTH_MODE_AUTHORIZE : undefined,
+        serverId: this.serverId
+      })
     });
   }
 }

toju-app/src/app/domains/authentication/feature/register/register.component.html

@@ -5,9 +5,19 @@
         name="lucideUserPlus"
         class="w-5 h-5 text-primary"
       />
-      <h1 class="text-lg font-semibold text-foreground">{{ 'auth.register.title' | translate }}</h1>
+      <h1 class="text-lg font-semibold text-foreground">
+        @if (isAuthorizeMode()) {
+          {{ 'auth.authorize.registerTitle' | translate: { serverName: authorizeServerName() } }}
+        } @else {
+          {{ 'auth.register.title' | translate }}
+        }
+      </h1>
     </div>
 
+    @if (isAuthorizeMode()) {
+      <p class="text-xs text-muted-foreground mb-4">{{ 'auth.authorize.description' | translate }}</p>
+    }
+
     <form
       class="space-y-3"
       (ngSubmit)="submit()"

toju-app/src/app/domains/authentication/feature/register/register.component.ts

@@ -1,7 +1,9 @@
 
 import {
   Component,
+  computed,
   inject,
+  OnInit,
   signal
 } from '@angular/core';
 import { CommonModule } from '@angular/common';
@@ -16,7 +18,9 @@ import { firstValueFrom } from 'rxjs';
 import { AuthenticationService } from '../../application/services/authentication.service';
 import { ServerDirectoryFacade } from '../../../server-directory';
 import {
+  AUTH_MODE_AUTHORIZE,
   buildLoginReturnQueryParams,
+  isAuthorizeAuthMode,
   resolveSafeReturnUrl,
   waitForAuthenticationOutcome
 } from '../../domain/logic/auth-navigation.rules';
@@ -42,7 +46,7 @@ import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/d
 /**
  * Registration form allowing new users to create an account on a selected server.
  */
-export class RegisterComponent {
+export class RegisterComponent implements OnInit {
   serversSvc = inject(ServerDirectoryFacade);
 
   servers = this.serversSvc.servers;
@@ -51,6 +55,13 @@ export class RegisterComponent {
   password = '';
   serverId: string | undefined = this.serversSvc.activeServer()?.id;
   error = signal<string | null>(null);
+  readonly isAuthorizeMode = signal(false);
+  readonly authorizeServerName = computed(() => {
+    const sid = this.serverId || this.serversSvc.activeServer()?.id;
+    const endpoint = this.servers().find((server) => server.id === sid);
+
+    return endpoint?.name ?? this.appI18n.instant('auth.authorize.defaultServerName');
+  });
 
   private readonly appI18n = inject(AppI18nService);
   private auth = inject(AuthenticationService);
@@ -62,6 +73,17 @@ export class RegisterComponent {
   /** TrackBy function for server list rendering. */
   trackById(_index: number, item: { id: string }) { return item.id; }
 
+  ngOnInit(): void {
+    const mode = this.route.snapshot.queryParamMap.get('mode');
+    const requestedServerId = this.route.snapshot.queryParamMap.get('serverId')?.trim();
+
+    this.isAuthorizeMode.set(isAuthorizeAuthMode(mode));
+
+    if (requestedServerId) {
+      this.serverId = requestedServerId;
+    }
+  }
+
   /** Validate and submit the registration form, then navigate to search on success. */
   submit() {
     this.error.set(null);
@@ -72,8 +94,24 @@ export class RegisterComponent {
       displayName: this.displayName.trim(),
       serverId: sid }).subscribe({
       next: async (resp) => {
-        if (sid)
+        const serverUrl = this.auth.resolveServerUrlFor(sid);
+
+        if (this.isAuthorizeMode()) {
+          this.store.dispatch(UsersActions.authorizeSignalServer({
+            serverUrl,
+            response: resp,
+            provisioned: false
+          }));
+
+          const returnUrl = resolveSafeReturnUrl(this.route.snapshot.queryParamMap.get('returnUrl'));
+
+          await this.router.navigateByUrl(returnUrl);
+          return;
+        }
+
+        if (sid) {
           this.serversSvc.setActiveServer(sid);
+        }
 
         const homeSignalServerUrl = this.serversSvc.servers().find((server) => server.id === sid)?.url
           ?? this.serversSvc.activeServer()?.url;
@@ -88,7 +126,7 @@ export class RegisterComponent {
           homeSignalServerUrl
         };
 
-        this.store.dispatch(UsersActions.authenticateUser({ user }));
+        this.store.dispatch(UsersActions.authenticateUser({ user, loginResponse: resp }));
 
         const outcome = await firstValueFrom(waitForAuthenticationOutcome(this.actions$));
 
@@ -110,7 +148,10 @@ export class RegisterComponent {
   /** Navigate to the login page. */
   goLogin() {
     this.router.navigate(['/login'], {
-      queryParams: buildLoginReturnQueryParams(this.router.url)
+      queryParams: buildLoginReturnQueryParams(this.router.url, undefined, {
+        mode: this.isAuthorizeMode() ? AUTH_MODE_AUTHORIZE : undefined,
+        serverId: this.serverId
+      })
     });
   }
 }

toju-app/src/app/domains/authentication/index.ts

@@ -1,3 +1,12 @@
 export * from './application/services/authentication.service';
 export * from './application/services/auth-token-store.service';
+export * from './application/services/signal-server-auth.service';
+export * from './application/services/signal-server-authorize.service';
+export * from './application/services/signal-server-credential-store.service';
+export * from './application/services/signal-server-provisioner.service';
+export * from './application/services/signal-server-provision-notice.service';
+export * from './application/services/provision-secret-store.service';
 export * from './domain/models/authentication.model';
+export * from './domain/models/signal-server-credential.model';
+export * from './domain/logic/signal-server-provision.rules';
+export * from './domain/logic/auth-navigation.rules';

toju-app/src/app/domains/chat/domain/rules/message-integrity.rules.ts

@@ -21,14 +21,14 @@ export interface InventoryIntegritySnapshot {
   headHash: string;
 }
 
-export type RemoteInventoryItem = {
+export interface RemoteInventoryItem {
   id: string;
   ts: number;
   rc?: number;
   ac?: number;
   revision?: number;
   headHash?: string;
-};
+}
 
 export type MessageRevisionAction = MessageRevisionType;
 

toju-app/src/app/domains/chat/domain/rules/message-revision-signing.rules.spec.ts

@@ -5,10 +5,7 @@ import {
   vi
 } from 'vitest';
 import type { MessageRevision } from '../../../../shared-kernel';
-import {
-  attachRevisionSignatureIfPossible,
-  shouldAcceptRevisionWithoutRegisteredKey
-} from './message-revision-signing.rules';
+import { attachRevisionSignatureIfPossible, shouldAcceptRevisionWithoutRegisteredKey } from './message-revision-signing.rules';
 
 describe('message-revision-signing.rules', () => {
   const revision: MessageRevision = {
@@ -43,6 +40,7 @@ describe('message-revision-signing.rules', () => {
       ...revision,
       signature: 'signature'
     }, null)).toBe(true);
+
     expect(shouldAcceptRevisionWithoutRegisteredKey(revision, null)).toBe(false);
   });
 });

toju-app/src/app/domains/chat/domain/rules/message-sync.rules.spec.ts

@@ -7,11 +7,7 @@ import { findMissingIds } from './message-sync.rules';
 
 describe('message-sync.rules', () => {
   it('requests ids with newer revision or mismatched head hash', () => {
-    const localMap = new Map([
-      ['m1', { ts: 10, rc: 0, ac: 0, revision: 1, headHash: 'aaa' }],
-      ['m2', { ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' }]
-    ]);
-
+    const localMap = new Map([['m1', { ts: 10, rc: 0, ac: 0, revision: 1, headHash: 'aaa' }], ['m2', { ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' }]]);
     const missing = findMissingIds([
       { id: 'm1', ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'ccc' },
       { id: 'm2', ts: 10, rc: 0, ac: 0, revision: 2, headHash: 'bbb' },

toju-app/src/app/domains/chat/feature/typing-indicator/typing-indicator.component.ts

@@ -1,4 +1,4 @@
-/* eslint-disable @typescript-eslint/member-ordering, id-length, id-denylist, */
+/* eslint-disable @typescript-eslint/member-ordering, */
 import {
   Component,
   computed,

toju-app/src/app/domains/custom-emoji/application/custom-emoji.service.ts

@@ -317,6 +317,46 @@ export class CustomEmojiService {
     const peers = this.webrtc.getConnectedPeers();
 
     await Promise.all(peers.map((peerId) => this.sendEmojiToPeer(peerId, emoji)));
+    await this.relayEmojiViaAccountSync(emoji);
+  }
+
+  private async relayEmojiViaAccountSync(emoji: CustomEmoji): Promise<void> {
+    if (canInlineCustomEmojiTransfer(emoji)) {
+      this.webrtc.relayAccountSync({
+        type: 'custom-emoji-full',
+        customEmoji: emoji
+      });
+
+      return;
+    }
+
+    const transfer = splitCustomEmojiDataUrl(emoji.dataUrl);
+    const manifest: CustomEmojiTransferManifest = {
+      id: emoji.id,
+      name: emoji.name,
+      creatorUserId: emoji.creatorUserId,
+      hash: emoji.hash,
+      mime: emoji.mime,
+      size: emoji.size,
+      createdAt: emoji.createdAt,
+      updatedAt: emoji.updatedAt
+    };
+
+    this.webrtc.relayAccountSync({
+      type: 'custom-emoji-full',
+      customEmojiTransfer: manifest,
+      total: transfer.total
+    });
+
+    for (let chunkIndex = 0; chunkIndex < transfer.chunks.length; chunkIndex++) {
+      this.webrtc.relayAccountSync({
+        type: 'custom-emoji-chunk',
+        customEmojiId: emoji.id,
+        index: chunkIndex,
+        total: transfer.total,
+        data: transfer.chunks[chunkIndex]
+      });
+    }
   }
 
   private async sendEmojiToPeer(peerId: string, emoji: CustomEmoji): Promise<void> {

toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.spec.ts

@@ -94,6 +94,7 @@ describe('CustomEmojiPickerComponent', () => {
         }
       ]
     });
+
     initializeAppI18nForTests(injector);
 
     return runInInjectionContext(injector, () => injector.get(CustomEmojiPickerComponent));

toju-app/src/app/domains/custom-emoji/feature/custom-emoji-picker/custom-emoji-picker.component.ts

@@ -22,10 +22,7 @@ import {
 import { CustomEmoji, EmojiShortcutEntry } from '../../../../shared-kernel';
 import { CustomEmojiService } from '../../application/custom-emoji.service';
 import { APP_TRANSLATE_IMPORTS, AppI18nService } from '../../../../core/i18n';
-import {
-  AutoFocusDirective,
-  SelectOnFocusDirective
-} from '../../../../shared/directives';
+import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
 import {
   CUSTOM_EMOJI_ACCEPT_ATTRIBUTE,
   UNICODE_EMOJI_PICKER_ENTRIES,

toju-app/src/app/domains/direct-call/application/services/direct-call.service.spec.ts

@@ -9,7 +9,11 @@ import { Router } from '@angular/router';
 import { Store } from '@ngrx/store';
 import { Subject } from 'rxjs';
 import { NotificationAudioService, AppSound } from '../../../../core/services/notification-audio.service';
-import { MobileCallSessionService, MobileMediaService, MobileNotificationsService } from '../../../../infrastructure/mobile';
+import {
+  MobileCallSessionService,
+  MobileMediaService,
+  MobileNotificationsService
+} from '../../../../infrastructure/mobile';
 import { initializeAppI18nForTests, provideAppI18nForTests } from '../../../../core/i18n/app-i18n.testing';
 import { ViewportService } from '../../../../core/platform';
 import {
@@ -575,6 +579,7 @@ function createServiceContext(options: ServiceContextOptions): ServiceContext {
       ...provideAppI18nForTests()
     ]
   });
+
   initializeAppI18nForTests(injector);
 
   return {

toju-app/src/app/domains/direct-call/application/services/direct-call.service.ts

@@ -21,10 +21,7 @@ import {
   VoiceConnectionFacade,
   VoicePlaybackService
 } from '../../../voice-connection';
-import {
-  VoiceSessionFacade,
-  isVoiceOnAnotherClient
-} from '../../../voice-session';
+import { VoiceSessionFacade, isVoiceOnAnotherClient } from '../../../voice-session';
 import { RealtimeSessionFacade } from '../../../../core/realtime';
 import { DirectMessageService, PeerDeliveryService } from '../../../direct-message';
 import type { DirectMessageConversation } from '../../../direct-message';

toju-app/src/app/domains/direct-message/application/services/friend.service.ts

@@ -7,6 +7,7 @@ import {
   signal
 } from '@angular/core';
 import { Store } from '@ngrx/store';
+import { RealtimeSessionFacade } from '../../../../core/realtime';
 import { FriendRepository } from '../../infrastructure/friend.repository';
 import type { Friend } from '../../domain/models/direct-message.model';
 import { selectCurrentUser } from '../../../../store/users/users.selectors';
@@ -15,6 +16,7 @@ import { selectCurrentUser } from '../../../../store/users/users.selectors';
 export class FriendService {
   private readonly repository = inject(FriendRepository);
   private readonly store = inject(Store);
+  private readonly webrtc = inject(RealtimeSessionFacade);
   private readonly currentUser = this.store.selectSignal(selectCurrentUser);
   private readonly friendsSignal = signal<Friend[]>([]);
   private loadedOwnerId: string | null = null;
@@ -36,11 +38,42 @@ export class FriendService {
 
     await this.repository.addFriend(ownerId, friend);
     await this.loadForOwner(ownerId, true);
+    this.webrtc.relayAccountSync({
+      type: 'friend-added',
+      userId,
+      addedAt: friend.addedAt
+    });
   }
 
   async removeFriend(userId: string): Promise<void> {
     const ownerId = await this.requireOwnerId();
 
+    await this.repository.removeFriend(ownerId, userId);
+    await this.loadForOwner(ownerId, true);
+    this.webrtc.relayAccountSync({
+      type: 'friend-removed',
+      userId
+    });
+  }
+
+  async applyRemoteFriendAdded(userId: string, addedAt: number): Promise<void> {
+    const ownerId = await this.requireOwnerId();
+
+    if (this.isFriend(userId)) {
+      return;
+    }
+
+    await this.repository.addFriend(ownerId, { userId, addedAt });
+    await this.loadForOwner(ownerId, true);
+  }
+
+  async applyRemoteFriendRemoved(userId: string): Promise<void> {
+    const ownerId = await this.requireOwnerId();
+
+    if (!this.isFriend(userId)) {
+      return;
+    }
+
     await this.repository.removeFriend(ownerId, userId);
     await this.loadForOwner(ownerId, true);
   }

toju-app/src/app/domains/direct-message/feature/find-people/find-people.component.ts

@@ -17,10 +17,7 @@ import {
 } from '@ng-icons/lucide';
 
 import { AppI18nService, APP_TRANSLATE_IMPORTS } from '../../../../core/i18n';
-import {
-  AutoFocusDirective,
-  SelectOnFocusDirective
-} from '../../../../shared/directives';
+import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
 import { UserSearchListComponent } from '../user-search-list/user-search-list.component';
 import { selectAllUsers } from '../../../../store/users/users.selectors';
 import { selectSavedRooms } from '../../../../store/rooms/rooms.selectors';

toju-app/src/app/domains/direct-message/feature/friend-button/friend-button.component.ts

@@ -15,7 +15,11 @@ import type { User } from '../../../../shared-kernel';
 @Component({
   selector: 'app-friend-button',
   standalone: true,
-  imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
+  imports: [
+    CommonModule,
+    NgIcon,
+    ...APP_TRANSLATE_IMPORTS
+  ],
   viewProviders: [provideIcons({ lucideUserCheck, lucideUserPlus })],
   templateUrl: './friend-button.component.html'
 })

toju-app/src/app/domains/experimental-media/feature/experimental-vlc-player/experimental-vlc-player.component.ts

@@ -23,7 +23,11 @@ import { ExperimentalVlcPlayerHandle, ExperimentalVlcRuntimeService } from '../.
 @Component({
   selector: 'app-experimental-vlc-player',
   standalone: true,
-  imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
+  imports: [
+    CommonModule,
+    NgIcon,
+    ...APP_TRANSLATE_IMPORTS
+  ],
   viewProviders: [
     provideIcons({
       lucideDownload,

toju-app/src/app/domains/game-activity/application/game-activity.service.spec.ts

@@ -232,6 +232,7 @@ function createServiceContext(options: ServiceContextOptions): ServiceContext {
       }
     ]
   });
+
   initializeAppI18nForTests(injector);
   const service = runInInjectionContext(injector, () => new GameActivityService());
   const context = {

toju-app/src/app/domains/notifications/feature/settings/notifications-settings/notifications-settings.component.ts

@@ -21,7 +21,11 @@ import { APP_TRANSLATE_IMPORTS } from '../../../../../core/i18n';
 @Component({
   selector: 'app-notifications-settings',
   standalone: true,
-  imports: [CommonModule, NgIcon, ...APP_TRANSLATE_IMPORTS],
+  imports: [
+    CommonModule,
+    NgIcon,
+    ...APP_TRANSLATE_IMPORTS
+  ],
   viewProviders: [
     provideIcons({
       lucideBell,

toju-app/src/app/domains/plugins/application/services/plugin-client-api.service.spec.ts

@@ -125,6 +125,7 @@ describe('PluginClientApiService', () => {
         })
       })
     );
+
     expect(context.voice.broadcastMessage).toHaveBeenCalledWith(expect.objectContaining({
       type: 'chat-message',
       message: expect.objectContaining({
@@ -132,6 +133,7 @@ describe('PluginClientApiService', () => {
         roomId: 'room-1'
       })
     }));
+
     expect(context.messageRevisions.broadcastRevision).toHaveBeenCalled();
   });
 

toju-app/src/app/domains/plugins/application/services/plugin-host.service.ts

@@ -17,6 +17,7 @@ import type {
   LocalPluginRegistrationResult,
   RegisteredPlugin
 } from '../../domain/models/plugin-runtime.models';
+import { isSecurePluginRemoteUrl } from '../../domain/rules/plugin-source-url.rules';
 import { LocalPluginDiscoveryService } from '../../infrastructure/local-plugin-discovery.service';
 import { PluginCapabilityService } from './plugin-capability.service';
 import { PluginDesktopStateService } from './plugin-desktop-state.service';
@@ -24,10 +25,7 @@ import { PluginClientApiService } from './plugin-client-api.service';
 import { PluginLoggerService } from './plugin-logger.service';
 import { PluginRegistryService } from './plugin-registry.service';
 import { PluginUiRegistryService } from './plugin-ui-registry.service';
-import {
-  fileUrlToPath,
-  grantPluginReadRoots
-} from '../../domain/rules/plugin-local-file.rules';
+import { fileUrlToPath, grantPluginReadRoots } from '../../domain/rules/plugin-local-file.rules';
 
 interface ActivePluginRuntime {
   context: TojuPluginActivationContext;
@@ -379,7 +377,7 @@ export class PluginHostService {
       return { module, moduleObjectUrl };
     }
 
-    if (!entrypointUrl.startsWith('file://') && !entrypointUrl.startsWith('https://')) {
+    if (!entrypointUrl.startsWith('file://') && !isSecurePluginRemoteUrl(entrypointUrl)) {
       throw new Error('Remote plugin entrypoints must use HTTPS');
     }
 
@@ -388,7 +386,7 @@ export class PluginHostService {
         module: await import(/* @vite-ignore */ entrypointUrl) as TojuClientPluginModule
       };
     } catch (error) {
-      if (!entrypointUrl.startsWith('https://')) {
+      if (!isSecurePluginRemoteUrl(entrypointUrl)) {
         throw error;
       }
 
@@ -420,7 +418,7 @@ export class PluginHostService {
   }
 
   private async createRemoteModuleObjectUrl(entrypointUrl: string, manifest: TojuPluginManifest): Promise<string> {
-    if (!entrypointUrl.startsWith('https://')) {
+    if (!isSecurePluginRemoteUrl(entrypointUrl)) {
       throw new Error('Remote plugin entrypoints must use HTTPS');
     }
 

toju-app/src/app/domains/plugins/application/services/plugin-store.service.spec.ts

@@ -238,6 +238,22 @@ describe('PluginStoreService', () => {
       url: plugin.readmeUrl
     });
   });
+
+  it('allows localhost HTTP plugin source URLs for local dev and E2E', async () => {
+    const localSourceUrl = 'http://localhost:4200/plugins/e2e-plugin-source.json';
+
+    mockFetchResponses(fetchMock, {
+      [localSourceUrl]: jsonResponse({
+        title: 'Local E2E Source',
+        plugins: []
+      })
+    });
+
+    const service = createService(registerLocalManifest, unregister);
+
+    await expect(service.addSourceUrl(localSourceUrl)).resolves.toBeUndefined();
+    expect(service.sourceUrls()).toContain(localSourceUrl);
+  });
 });
 
 function mockFetchResponses(fetchMock: ReturnType<typeof vi.fn>, responses: Record<string, Response>): void {
@@ -312,8 +328,8 @@ function createService(
       }
     ]
   });
-
   const service = injector.get(PluginStoreService);
+
   injector.get(AppI18nService).initialize();
 
   return service;

toju-app/src/app/domains/plugins/application/services/plugin-store.service.ts

@@ -11,6 +11,7 @@ import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
 import { Store } from '@ngrx/store';
 import { firstValueFrom } from 'rxjs';
 import { environment } from '../../../../../environments/environment';
+import { isLocalDevPluginSourceUrl } from '../../domain/rules/plugin-source-url.rules';
 import { RealtimeSessionFacade } from '../../../../core/realtime';
 import { AppI18nService } from '../../../../core/i18n';
 import { getUserScopedStorageKey } from '../../../../core/storage/current-user-storage';
@@ -45,10 +46,7 @@ import { PluginCapabilityService } from './plugin-capability.service';
 import { PluginDesktopStateService } from './plugin-desktop-state.service';
 import { PluginRequirementService } from './plugin-requirement.service';
 import { PluginRegistryService } from './plugin-registry.service';
-import {
-  fileUrlToPath,
-  grantPluginReadRoots
-} from '../../domain/rules/plugin-local-file.rules';
+import { fileUrlToPath, grantPluginReadRoots } from '../../domain/rules/plugin-local-file.rules';
 
 const STORE_SCHEMA_VERSION = 2;
 const STORAGE_KEY_PLUGIN_STORE = 'metoyou_plugin_store';
@@ -172,8 +170,8 @@ export class PluginStoreService {
     }
 
     this.sourceUrlsSignal.update((sourceUrls) => [...sourceUrls, sourceUrl]);
-    await this.ensurePluginSourceReadRoot(sourceUrl);
     this.saveState();
+    await this.ensurePluginSourceReadRoot(sourceUrl);
     await this.refreshSources();
   }
 
@@ -514,7 +512,7 @@ export class PluginStoreService {
       return await this.readLocalFileUrl(url);
     }
 
-    if (!url.startsWith('https://')) {
+    if (!url.startsWith('https://') && !isLocalDevPluginSourceUrl(url)) {
       throw new Error('Remote plugin store requests must use HTTPS');
     }
 

toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.spec.ts

@@ -1,4 +1,8 @@
-import { describe, expect, it } from 'vitest';
+import {
+  describe,
+  expect,
+  it
+} from 'vitest';
 import {
   collectPluginReadRoots,
   fileUrlToPath,
@@ -15,18 +19,12 @@ describe('plugin-local-file.rules', () => {
     expect(collectPluginReadRoots(
       'file:///home/ludde/Desktop/TestPlugin/plugin-source.json',
       'file:///home/ludde/Desktop/TestPlugin/dist/main.js'
-    )).toEqual([
-      '/home/ludde/Desktop/TestPlugin',
-      '/home/ludde/Desktop/TestPlugin/dist'
-    ]);
+    )).toEqual(['/home/ludde/Desktop/TestPlugin', '/home/ludde/Desktop/TestPlugin/dist']);
   });
 
   it('treats directory file URLs as their own read roots', () => {
-    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin/')).toEqual([
-      '/home/ludde/Desktop/TestPlugin'
-    ]);
-    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin')).toEqual([
-      '/home/ludde/Desktop/TestPlugin'
-    ]);
+    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin/')).toEqual(['/home/ludde/Desktop/TestPlugin']);
+
+    expect(collectPluginReadRoots('file:///home/ludde/Desktop/TestPlugin')).toEqual(['/home/ludde/Desktop/TestPlugin']);
   });
 });

toju-app/src/app/domains/plugins/domain/rules/plugin-local-file.rules.ts

@@ -8,7 +8,8 @@ export function pluginFileParentDir(filePath: string): string {
 }
 
 export function pluginReadRootForFileUrl(fileUrl: string): string {
-  const filePath = fileUrlToPath(fileUrl).replace(/\\/g, '/').replace(/\/+$/, '');
+  const filePath = fileUrlToPath(fileUrl).replace(/\\/g, '/')
+    .replace(/\/+$/, '');
   const basename = filePath.split('/').pop() ?? '';
 
   if (fileUrl.endsWith('/') || !basename.includes('.')) {
@@ -18,7 +19,7 @@ export function pluginReadRootForFileUrl(fileUrl: string): string {
   return pluginFileParentDir(filePath);
 }
 
-export function collectPluginReadRoots(...fileUrls: Array<string | undefined>): string[] {
+export function collectPluginReadRoots(...fileUrls: (string | undefined)[]): string[] {
   const roots = new Set<string>();
 
   for (const fileUrl of fileUrls) {
@@ -34,7 +35,7 @@ export function collectPluginReadRoots(...fileUrls: Array<string | undefined>):
 
 export async function grantPluginReadRoots(
   api: Pick<ElectronApi, 'grantPluginReadRoot'> | null | undefined,
-  ...fileUrls: Array<string | undefined>
+  ...fileUrls: (string | undefined)[]
 ): Promise<void> {
   if (!api?.grantPluginReadRoot) {
     return;

toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.spec.ts

@@ -0,0 +1,16 @@
+import { isLocalDevPluginSourceUrl, isSecurePluginRemoteUrl } from './plugin-source-url.rules';
+
+describe('plugin source URL rules', () => {
+  it('treats localhost HTTP URLs as local dev plugin sources', () => {
+    expect(isLocalDevPluginSourceUrl('http://localhost:4200/plugins/e2e-plugin-source.json')).toBe(true);
+    expect(isLocalDevPluginSourceUrl('http://127.0.0.1:4200/plugins/e2e-plugin-source.json')).toBe(true);
+    expect(isLocalDevPluginSourceUrl('http://example.com/plugins.json')).toBe(false);
+    expect(isLocalDevPluginSourceUrl('https://localhost/plugins.json')).toBe(false);
+  });
+
+  it('accepts HTTPS and localhost HTTP as secure remote plugin URLs', () => {
+    expect(isSecurePluginRemoteUrl('https://plugins.example.test/index.json')).toBe(true);
+    expect(isSecurePluginRemoteUrl('http://localhost:4200/plugins/e2e-plugin-source.json')).toBe(true);
+    expect(isSecurePluginRemoteUrl('http://example.com/plugins.json')).toBe(false);
+  });
+});

toju-app/src/app/domains/plugins/domain/rules/plugin-source-url.rules.ts

@@ -0,0 +1,14 @@
+export function isLocalDevPluginSourceUrl(url: string): boolean {
+  try {
+    const parsed = new URL(url);
+
+    return parsed.protocol === 'http:'
+      && (parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1');
+  } catch {
+    return false;
+  }
+}
+
+export function isSecurePluginRemoteUrl(url: string): boolean {
+  return url.startsWith('https://') || isLocalDevPluginSourceUrl(url);
+}

toju-app/src/app/domains/profile-avatar/feature/profile-avatar-editor/profile-avatar-editor.component.ts

@@ -23,7 +23,11 @@ import {
 @Component({
   selector: 'app-profile-avatar-editor',
   standalone: true,
-  imports: [CommonModule, ModalBackdropComponent, ...APP_TRANSLATE_IMPORTS],
+  imports: [
+    CommonModule,
+    ModalBackdropComponent,
+    ...APP_TRANSLATE_IMPORTS
+  ],
   templateUrl: './profile-avatar-editor.component.html'
 })
 export class ProfileAvatarEditorComponent {

toju-app/src/app/domains/server-directory/README.md

@@ -160,7 +160,7 @@ Beyond free-text search, the directory exposes curated discovery lists that powe
 - `ServerDirectoryFacade.getFeaturedServers()` → `GET /api/servers/featured`
 - `ServerDirectoryFacade.getTrendingServers()` → `GET /api/servers/trending`
 
-Both pass through `ServerDirectoryService` to `ServerDirectoryApiService.getFeaturedServers()` / `getTrendingServers()`, which share a private `getDiscoveryServers(path)` HTTP helper and normalise results into `ServerInfo[]` exactly like search. The server ranks featured servers (stable curation) and trending servers (recent activity) via `server-ranking.util.ts`; each route caps results at 50 (`parseDiscoveryLimit`). The discovery routes are registered before the parameterised `/:id` route so `featured`/`trending` are not captured as server IDs.
+Both pass through `ServerDirectoryService` to `ServerDirectoryApiService.getFeaturedServers()` / `getTrendingServers()`, which share a private `getDiscoveryServers(path)` HTTP helper and normalise results into `ServerInfo[]` exactly like search. Discovery **fans out across every online endpoint** (`getSearchableEndpoints()` + `forkJoin`, deduplicated by ID), mirroring all-endpoint search — querying only the active endpoint made the default `/servers` view appear empty whenever that endpoint was a discovery-unsupported production host (`endpointSupportsServerDiscovery`), even though plenty of servers existed on other online endpoints. Each endpoint that is in `DISCOVERY_UNSUPPORTED_HOSTS` is skipped (returns `[]`) per-endpoint rather than short-circuiting the whole request. The server ranks featured servers (stable curation) and trending servers (recent activity) via `server-ranking.util.ts`; each route caps results at 50 (`parseDiscoveryLimit`). The discovery routes are registered before the parameterised `/:id` route so `featured`/`trending` are not captured as server IDs.
 
 `FindServersComponent` (`/servers`) composes these into discovery sections — **Recently active** (the user's saved rooms, capped at 6), **Featured servers**, and **Trending** — and renders them through the reusable `app-server-browser`. `DashboardComponent` (`/dashboard`) uses the same facade methods for its quick search results.
 

toju-app/src/app/domains/server-directory/application/services/server-directory.service.ts

@@ -29,6 +29,7 @@ import {
 import { ServerEndpointCompatibilityService } from '../../infrastructure/services/server-endpoint-compatibility.service';
 import { ServerEndpointHealthService } from '../../infrastructure/services/server-endpoint-health.service';
 import { ServerEndpointStateService } from './server-endpoint-state.service';
+import { SignalServerAuthService } from '../../../authentication/application/services/signal-server-auth.service';
 
 @Injectable({ providedIn: 'root' })
 export class ServerDirectoryService {
@@ -41,6 +42,7 @@ export class ServerDirectoryService {
   private readonly endpointCompatibility = inject(ServerEndpointCompatibilityService);
   private readonly endpointHealth = inject(ServerEndpointHealthService);
   private readonly api = inject(ServerDirectoryApiService);
+  private readonly signalServerAuth = inject(SignalServerAuthService);
   private readonly initialServerHealthCheck: Promise<void>;
   private shouldSearchAllServers = true;
 
@@ -217,6 +219,10 @@ export class ServerDirectoryService {
       healthResult.serverTag
     );
 
+    if (healthResult.status === 'online' && endpoint.isActive) {
+      void this.signalServerAuth.ensureProvisioned(endpoint.url).catch(() => undefined);
+    }
+
     return healthResult.status === 'online';
   }
 
@@ -286,7 +292,13 @@ export class ServerDirectoryService {
     request: ServerJoinAccessRequest,
     selector?: ServerSourceSelector
   ): Observable<ServerJoinAccessResponse> {
-    return this.api.requestJoin(request, selector);
+    const actorUserId = this.resolveActorUserId(request.userId, selector);
+
+    return this.api.requestJoin({
+      ...request,
+      userId: actorUserId,
+      userPublicKey: actorUserId
+    }, selector);
   }
 
   createInvite(
@@ -326,7 +338,7 @@ export class ServerDirectoryService {
   }
 
   notifyLeave(serverId: string, userId: string, selector?: ServerSourceSelector): Observable<void> {
-    return this.api.notifyLeave(serverId, userId, selector);
+    return this.api.notifyLeave(serverId, this.resolveActorUserId(userId, selector), selector);
   }
 
   updateUserCount(serverId: string, count: number): Observable<void> {
@@ -353,4 +365,27 @@ export class ServerDirectoryService {
       this.shouldSearchAllServers = true;
     }
   }
+
+  private resolveActorUserId(userId: string, selector?: ServerSourceSelector): string {
+    return this.signalServerAuth.resolveActorUserIdForServer(
+      this.resolveSelectorServerUrl(selector),
+      userId
+    );
+  }
+
+  private resolveSelectorServerUrl(selector?: ServerSourceSelector): string | undefined {
+    const sourceUrl = selector?.sourceUrl?.trim();
+
+    if (sourceUrl) {
+      return this.endpointState.sanitiseUrl(sourceUrl);
+    }
+
+    const sourceId = selector?.sourceId?.trim();
+
+    if (sourceId) {
+      return this.servers().find((endpoint) => endpoint.id === sourceId)?.url;
+    }
+
+    return this.activeServer()?.url;
+  }
 }

toju-app/src/app/domains/server-directory/feature/create-server-dialog/create-server-dialog.component.ts

@@ -20,10 +20,7 @@ import { ServerDirectoryFacade } from '../../application/facades/server-director
 import { ThemeNodeDirective } from '../../../theme';
 import { ViewportService } from '../../../../core/platform';
 import { BottomSheetComponent, ModalBackdropComponent } from '../../../../shared';
-import {
-  AutoFocusDirective,
-  SelectOnFocusDirective
-} from '../../../../shared/directives';
+import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
 import { CATEGORY_PRESETS, ServerCategoryPreset } from '../create-server/create-server.component';
 
 /**
@@ -114,6 +111,7 @@ export class CreateServerDialogComponent {
       this.router.navigate(['/login'], {
         queryParams: buildLoginReturnQueryParams(this.router.url)
       });
+
       return;
     }
 

toju-app/src/app/domains/server-directory/feature/find-servers/find-servers.component.spec.ts

@@ -52,6 +52,7 @@ function createHarness(options: HarnessOptions = {}) {
       ...provideAppI18nForTests()
     ]
   });
+
   initializeAppI18nForTests(injector);
   const component = runInInjectionContext(injector, () => injector.get(FindServersComponent));
 

toju-app/src/app/domains/server-directory/feature/invite/invite.component.ts

@@ -18,6 +18,7 @@ import { DatabaseService } from '../../../../infrastructure/persistence';
 import { ServerDirectoryFacade } from '../../application/facades/server-directory.facade';
 import { User } from '../../../../shared-kernel';
 import { buildLoginReturnQueryParams } from '../../../authentication/domain/logic/auth-navigation.rules';
+import { SignalServerAuthorizeService } from '../../../authentication/application/services/signal-server-authorize.service';
 
 @Component({
   selector: 'app-invite',
@@ -26,19 +27,22 @@ import { buildLoginReturnQueryParams } from '../../../authentication/domain/logi
   templateUrl: './invite.component.html'
 })
 export class InviteComponent implements OnInit {
-  private readonly i18n = inject(AppI18nService);
   readonly currentUser = inject(Store).selectSignal(selectCurrentUser);
   readonly invite = signal<ServerInviteInfo | null>(null);
   readonly status = signal<'loading' | 'redirecting' | 'joining' | 'error'>('loading');
-  readonly message = signal(this.i18n.instant('servers.invite.messages.loading'));
+  readonly message = signal('');
 
+  private readonly i18n = inject(AppI18nService);
   private readonly route = inject(ActivatedRoute);
   private readonly router = inject(Router);
   private readonly store = inject(Store);
   private readonly serverDirectory = inject(ServerDirectoryFacade);
   private readonly databaseService = inject(DatabaseService);
+  private readonly signalServerAuthorize = inject(SignalServerAuthorizeService);
 
   async ngOnInit(): Promise<void> {
+    this.message.set(this.i18n.instant('servers.invite.messages.loading'));
+
     const inviteContext = this.resolveInviteContext();
 
     if (!inviteContext) {
@@ -127,6 +131,15 @@ export class InviteComponent implements OnInit {
     this.message.set(this.i18n.instant('servers.invite.messages.joining', { name: invite.server.name }));
 
     const currentUser = await this.hydrateCurrentUser();
+    const hasCredential = await this.signalServerAuthorize.ensureCredentialForServerUrl(context.sourceUrl);
+
+    if (!hasCredential) {
+      this.status.set('redirecting');
+      this.message.set(this.i18n.instant('servers.invite.messages.redirectingAuthorize'));
+
+      return;
+    }
+
     const joinResponse = await firstValueFrom(this.serverDirectory.requestJoin({
       roomId: invite.server.id,
       userId: currentUserId,

toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.spec.ts

@@ -114,6 +114,7 @@ function createHarness(options: HarnessOptions = {}) {
       ...provideAppI18nForTests()
     ]
   });
+
   initializeAppI18nForTests(injector);
   const component = runInInjectionContext(injector, () => injector.get(ServerBrowserComponent));
 

toju-app/src/app/domains/server-directory/feature/server-browser/server-browser.component.ts

@@ -32,6 +32,7 @@ import {
 import { AppI18nService, APP_TRANSLATE_IMPORTS } from '../../../../core/i18n';
 import { setStoredCurrentUserId } from '../../../../core/storage/current-user-storage';
 import { buildLoginReturnQueryParams } from '../../../authentication/domain/logic/auth-navigation.rules';
+import { SignalServerAuthorizeService } from '../../../authentication/application/services/signal-server-authorize.service';
 import { AutoFocusDirective, SelectOnFocusDirective } from '../../../../shared/directives';
 import { RoomsActions } from '../../../../store/rooms/rooms.actions';
 import {
@@ -124,6 +125,7 @@ export class ServerBrowserComponent implements OnInit {
   private pluginStore = inject(PluginStoreService);
   private injector = inject(Injector);
   private readonly i18n = inject(AppI18nService);
+  private readonly signalServerAuthorize = inject(SignalServerAuthorizeService);
   private searchSubject = new Subject<string>();
   private banLookupRequestVersion = 0;
 
@@ -530,6 +532,14 @@ export class ServerBrowserComponent implements OnInit {
         }
       }
 
+      if (server.sourceUrl) {
+        const hasCredential = await this.signalServerAuthorize.ensureCredentialForServerUrl(server.sourceUrl);
+
+        if (!hasCredential) {
+          return;
+        }
+      }
+
       const response = await firstValueFrom(
         this.serverDirectory.requestJoin(
           {

toju-app/src/app/domains/server-directory/infrastructure/services/server-directory-api.service.spec.ts

@@ -80,3 +80,80 @@ describe('ServerDirectoryApiService discovery endpoints', () => {
     expect(result).toEqual([]);
   });
 });
+
+function createMultiEndpointHarness(
+  endpoints: { id: string; name: string; url: string; status: string }[],
+  getImpl: (url: string) => unknown
+) {
+  const get = vi.fn((url: string) => of(getImpl(url) ?? { servers: [], total: 0 }));
+  const http = { get } as unknown as HttpClient;
+  const endpointState = {
+    activeServer: () => endpoints[0],
+    activeServers: () => endpoints,
+    servers: () => [],
+    resolveCanonicalEndpoint: (endpoint: unknown) => endpoint ?? null,
+    findServerByUrl: () => null,
+    sanitiseUrl: (value: string) => value
+  } as unknown as ServerEndpointStateService;
+  const injector = Injector.create({
+    providers: [
+      ServerDirectoryApiService,
+      { provide: HttpClient, useValue: http },
+      { provide: ServerEndpointStateService, useValue: endpointState }
+    ]
+  });
+  const service = runInInjectionContext(injector, () => injector.get(ServerDirectoryApiService));
+
+  return { service, get };
+}
+
+describe('ServerDirectoryApiService discovery fan-out', () => {
+  const endpoints = [
+    { id: 'ep-1', name: 'Local', url: 'https://local.test', status: 'online' },
+    { id: 'ep-2', name: 'Other', url: 'https://other.test', status: 'online' },
+    { id: 'ep-3', name: 'Prod', url: 'https://signal.toju.app', status: 'online' }
+  ];
+
+  it('aggregates discovery results across all online endpoints', async () => {
+    const { service, get } = createMultiEndpointHarness(endpoints, (url) => {
+      if (url.startsWith('https://local.test'))
+        return { servers: [{ id: 's1', name: 'Alpha' }], total: 1 };
+
+      if (url.startsWith('https://other.test'))
+        return { servers: [{ id: 's2', name: 'Beta' }], total: 1 };
+
+      return { servers: [], total: 0 };
+    });
+    const result = await firstValueFrom(service.getFeaturedServers());
+
+    expect(result.map((server) => server.id).sort()).toEqual(['s1', 's2']);
+    const calledUrls = get.mock.calls.map((call) => call[0] as string);
+
+    expect(calledUrls).toContain('https://local.test/api/servers/featured');
+    expect(calledUrls).toContain('https://other.test/api/servers/featured');
+  });
+
+  it('does not query discovery-unsupported hosts but still returns the supported endpoints', async () => {
+    const { service, get } = createMultiEndpointHarness(endpoints, (url) => {
+      if (url.startsWith('https://local.test'))
+        return { servers: [{ id: 's1', name: 'Alpha' }], total: 1 };
+
+      return { servers: [], total: 0 };
+    });
+    const result = await firstValueFrom(service.getTrendingServers());
+
+    expect(result.map((server) => server.id)).toEqual(['s1']);
+    const calledUrls = get.mock.calls.map((call) => call[0] as string);
+
+    expect(calledUrls.some((url) => url.includes('signal.toju.app'))).toBe(false);
+  });
+
+  it('deduplicates the same server returned by multiple endpoints', async () => {
+    const { service } = createMultiEndpointHarness(endpoints, () =>
+      ({ servers: [{ id: 'dup', name: 'Shared' }], total: 1 })
+    );
+    const result = await firstValueFrom(service.getFeaturedServers());
+
+    expect(result.map((server) => server.id)).toEqual(['dup']);
+  });
+});

toju-app/src/app/domains/server-directory/infrastructure/services/server-directory-api.service.ts

@@ -297,18 +297,43 @@ export class ServerDirectoryApiService {
   }
 
   private getDiscoveryServers(kind: 'featured' | 'trending', limit?: number): Observable<ServerInfo[]> {
-    const baseUrl = this.resolveBaseServerUrl();
+    const params = typeof limit === 'number' ? new HttpParams().set('limit', String(limit)) : undefined;
+    const onlineEndpoints = this.getSearchableEndpoints();
 
+    // Fan discovery out across every online endpoint (mirroring search) so the
+    // default find-servers view isn't empty just because the *active* endpoint
+    // is a discovery-unsupported production host. Querying only the active
+    // endpoint made servers invisible until the user typed a search query.
+    if (onlineEndpoints.length === 0) {
+      return this.fetchDiscoveryFromEndpoint(
+        kind,
+        this.resolveBaseServerUrl(),
+        this.endpointState.activeServer(),
+        params
+      );
+    }
+
+    return forkJoin(
+      onlineEndpoints.map((endpoint) =>
+        this.fetchDiscoveryFromEndpoint(kind, endpoint.url, endpoint, params)
+      )
+    ).pipe(map((resultArrays) => this.deduplicateById(resultArrays.flat())));
+  }
+
+  private fetchDiscoveryFromEndpoint(
+    kind: 'featured' | 'trending',
+    baseUrl: string,
+    source: ServerEndpoint | null | undefined,
+    params?: HttpParams
+  ): Observable<ServerInfo[]> {
     if (!endpointSupportsServerDiscovery(baseUrl)) {
       return of([]);
     }
 
-    const params = typeof limit === 'number' ? new HttpParams().set('limit', String(limit)) : undefined;
-
     return this.http
-      .get<{ servers: ServerInfo[]; total: number }>(`${this.getApiBaseUrl()}/servers/${kind}`, params ? { params } : {})
+      .get<{ servers: ServerInfo[]; total: number }>(`${baseUrl}/api/servers/${kind}`, params ? { params } : {})
       .pipe(
-        map((response) => this.normalizeServerList(response, this.endpointState.activeServer())),
+        map((response) => this.normalizeServerList(response, source ?? null)),
         catchError((error) => {
           console.error(`Failed to get ${kind} servers:`, error);
           return of([]);

toju-app/src/app/domains/theme/application/services/theme.service.spec.ts

@@ -28,6 +28,7 @@ describe('ThemeService theme application', () => {
         useValue: createDocumentStub(styleElements)
       }
     ]);
+
     initializeAppI18nForTests(injector);
 
     service = injector.get(ThemeService);

toju-app/src/app/domains/theme/application/services/theme.service.ts

@@ -347,7 +347,12 @@ export class ThemeService {
       return false;
     }
 
-    this.commitTheme(result.value, stringifyTheme(result.value), this.appI18n.instant('theme.status.presetApplied', { name: result.value.meta.name }));
+    this.commitTheme(
+      result.value,
+      stringifyTheme(result.value),
+      this.appI18n.instant('theme.status.presetApplied', { name: result.value.meta.name })
+    );
+
     return true;
   }
 

toju-app/src/app/domains/theme/feature/theme-picker-overlay/theme-picker-overlay.component.ts

@@ -12,10 +12,7 @@ import { ThemeRegistryService } from '../../application/services/theme-registry.
 @Component({
   selector: 'app-theme-picker-overlay',
   standalone: true,
-  imports: [
-    CommonModule,
-    ...APP_TRANSLATE_IMPORTS
-  ],
+  imports: [CommonModule, ...APP_TRANSLATE_IMPORTS],
   templateUrl: './theme-picker-overlay.component.html'
 })
 export class ThemePickerOverlayComponent {